[Bug 776030] [NEW] libpam0g & libpam-modules fail integrity check with debsums

Wed, 04 May 2011 06:49:23 -0700 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):

$ lsb_release -rd
Description:    Ubuntu 11.04
Release:        11.04

$ apt-cache policy libpam0g libpam-modules
libpam0g:
  Installed: 1.1.2-2ubuntu8
  Candidate: 1.1.2-2ubuntu8
  Version table:
 *** 1.1.2-2ubuntu8 0
        500 http://us.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status
libpam-modules:
  Installed: 1.1.2-2ubuntu8
  Candidate: 1.1.2-2ubuntu8
  Version table:
 *** 1.1.2-2ubuntu8 0
        500 http://us.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

The libpam0g and libpam-modules packages fail validation with debsums.
The packages are validated as follows:

$ sudo debsums -a libpam0g libpam-modules | fgrep FAILED
/lib/x86_64-linux-gnu/libpam.so.0.82.3                                    FAILED
/lib/x86_64-linux-gnu/libpam_misc.so.0.82.0                               FAILED
/lib/x86_64-linux-gnu/libpamc.so.0.82.1                                   FAILED
/usr/share/doc/libpam0g/changelog.Debian.gz                               FAILED
/lib/x86_64-linux-gnu/security/pam_access.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_debug.so                               FAILED
/lib/x86_64-linux-gnu/security/pam_deny.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_echo.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_env.so                                 FAILED
/lib/x86_64-linux-gnu/security/pam_exec.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_faildelay.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_filter.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_ftp.so                                 FAILED
/lib/x86_64-linux-gnu/security/pam_group.so                               FAILED
/lib/x86_64-linux-gnu/security/pam_issue.so                               FAILED
/lib/x86_64-linux-gnu/security/pam_keyinit.so                             FAILED
/lib/x86_64-linux-gnu/security/pam_lastlog.so                             FAILED
/lib/x86_64-linux-gnu/security/pam_limits.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_listfile.so                            FAILED
/lib/x86_64-linux-gnu/security/pam_localuser.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_loginuid.so                            FAILED
/lib/x86_64-linux-gnu/security/pam_mail.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_mkhomedir.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_motd.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_namespace.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_nologin.so                             FAILED
/lib/x86_64-linux-gnu/security/pam_permit.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_pwhistory.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_rhosts.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_rootok.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_securetty.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_selinux.so                             FAILED
/lib/x86_64-linux-gnu/security/pam_sepermit.so                            FAILED
/lib/x86_64-linux-gnu/security/pam_shells.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_stress.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_succeed_if.so                          FAILED
/lib/x86_64-linux-gnu/security/pam_tally.so                               FAILED
/lib/x86_64-linux-gnu/security/pam_tally2.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_time.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_timestamp.so                           FAILED
/lib/x86_64-linux-gnu/security/pam_umask.so                               FAILED
/lib/x86_64-linux-gnu/security/pam_unix.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_userdb.so                              FAILED
/lib/x86_64-linux-gnu/security/pam_warn.so                                FAILED
/lib/x86_64-linux-gnu/security/pam_wheel.so                               FAILED
/lib/x86_64-linux-gnu/security/pam_xauth.so                               FAILED
/usr/share/doc/libpam-modules/changelog.Debian.gz                         FAILED

The packages continue to fail validation even after being reinstalled
with "sudo aptitude reinstall libpam0g libpam-modules" and rechecked.
The likeliest reason for the failure is invalid MD5 sums included in the
deb files; because of the critical security nature of these files,
ensuring the accuracy of the MD5 sums being shipped with the packages is
essential.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: libpam-modules 1.1.2-2ubuntu8
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Mon May  2 17:28:37 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta amd64 (20110330)
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: pam
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug natty
-- 
libpam0g & libpam-modules fail integrity check with debsums
https://bugs.launchpad.net/bugs/776030
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to