Linux-PAM 1.1.3 released
Thorsten Kukuk
kukuk at suse.de
Thu Oct 28 14:27:05 UTC 2010
Hello,
I'm happy to announce the release of Linux-PAM 1.1.3.
This is more or less a bugfix release, including fixes
for three security relevant problems:
* pam_namespace: Clean environment for childs (CVE-2010-3853)
* libpam: New interface to drop/regain privilegs
* Drop root privilegs in pam_env, pam_mail and pam_xauth before
accessing user files (CVE-2010-3430, CVE-2010-3431)
* pam_unix: Add minlen option, change default from 6 to 0
* Documentation improvements
* Lot of small bug fixes
Thorsten
More information about the Pam-list
mailing list