2021-03-22
ALT-BU-2021-3810-1
Branch sisyphus update bulletin.
Package pam_python updated to version 1.0.8-alt1 for branch sisyphus in task 268145.
Closed vulnerabilities
Published: 2019-09-24
BDU:2020-01330
Уязвимость PAM-модуля pam-python интерпретатора языка программирования Python, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-09-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
- https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
- [debian-lts-announce] 20191123 [SECURITY] [DLA 2000-1] pam-python security update
- [debian-lts-announce] 20191123 [SECURITY] [DLA 2000-1] pam-python security update
- https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
- https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
- https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/
- https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/
- USN-4552-1
- USN-4552-1
- USN-4552-2
- USN-4552-2
- DSA-4555
- DSA-4555