[Git][security-tracker-team/security-tracker][master] Add CVE-2018-17953/pam

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c15d5486 by Salvatore Bonaccorso at 2018-11-25T13:08:23Z
Add CVE-2018-17953/pam

The issue has been introduced by the SUSE applied patch
pam-hostnames-in-access_conf.patch to support hostnames in access.conf
introducing the issue as described in CVE-2018-17953[1] as demostrated
by an access.conf containing ::1. Fixed in SUSE via a follow-up patch.

 [1] https://bugzilla.novell.com/show_bug.cgi?id=1115640

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4256,8 +4256,14 @@ CVE-2018-17955
 	RESERVED
 CVE-2018-17954
 	RESERVED
-CVE-2018-17953
-	RESERVED
+CVE-2018-17953 [pam: pam_access.so doesn't properly handle ip addresses and subnets filtering]
+	RESERVED
+	- pam <not-affected> (Issue introduced by SUSE specific patch)
+	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115640
+	NOTE: Issue introduced by SUSE specific patch (pam-hostnames-in-access_conf.patch)
+	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch
+	NOTE: And fixed with (use-correct-IP-address.patch)
+	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch
 CVE-2018-17952
 	RESERVED
 CVE-2018-17951



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c15d5486e635b2487c81101dbfd71a0a122cf961

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c15d5486e635b2487c81101dbfd71a0a122cf961
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181125/c581af28/attachment.html>