
Wed, 28 Sep 2005

pam-mysql 0.6.2 and 0.7pre3 are released.

The new releases include some crucial security fixes, and users are strongly urged to upgrade their installations.

Addressed security concerns:

  • Possible segmentation fault in the SQL logging facility, which can cause Denial-of-Service (DoS).

  • Flaws in the authentication and authentication token alteration code, where incorrect treatment of the pointer returned by pam_get_item() was spotted. These can most likely induce DoS or possibly lead to more severe problems.

ChangeLog:

  • Changed handling of the "where" option to not escape meta characters (PR #1261484). (0.7pre3)

  • Overhauled the SQL logging facility (PR #1256243). (0.6.2, 0.7pre3)

  • Added the logrhostcolumn (log.rhost_column) option, which enables you to log the value of the "rhost" item specified by the application. (0.7pre3)

  • Fixed a possible security flaw. (0.7pre3)

  • Fixed memory leaks spotted when the "config_file" option is used. (0.7pre3)

  • Fixed try_first_pass behaviour. (0.7pre3)

  • Changed option parsing behaviour so "=" following each option name is not needed. (0.7pre3)

You can download either one from the following URL: