===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2850
                         libpam4j security update
                              9 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libpam4j
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Unauthorised Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-12197

Reference:         ESB-2017.2618
                   ESB-2017.2615

Original Bulletin:
   http://www.debian.org/security/2017/dsa-4025

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4025-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 08, 2017                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libpam4j
CVE ID         : CVE-2017-12197

It was discovered that libpam4j, a Java library wrapper for the
integration of PAM did not call pam_acct_mgmt() during authentication.
As such a user who has a valid password, but a deactivated or disabled
account could still log in.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.4-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.4-2+deb9u1.

We recommend that you upgrade your libpam4j packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================