libpam_1.2.1 and CVE-2010-4708
Tupe, Amol (Amol)
tupea at avaya.com
Mon Dec 14 16:40:16 UTC 2015
Hello,
I was looking in source code of libpam 1.2.1 ( Linux-PAM-1.2.1/modules/pam_env/pam_env.c) and I don't see fix for
Security vulnerability issue CVE-2010-4708.
Should not DEFAULT_USER_READ_ENVFILE be defined as
#define DEFAULT_USER_READ_ENVFILE 1
Please suggest if this security issue is fix in different way in release 1.2.1 Or
I still need a patch for CVE-2010-4708 ?
Regards,
Amol T
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20151214/62766f6e/attachment.htm>
More information about the Pam-list
mailing list