27405 – pam-python new security issue CVE-2019-16729

Bug 27405 - pam-python new security issue CVE-2019-16729

Summary: pam-python new security issue CVE-2019-16729

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Dan Fandrich
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Duplicates (1):	27762 (view as bug list)
Depends on:
Blocks:

Reported:	2020-10-13 18:27 CEST by David Walser
Modified:	2020-12-06 17:29 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	pam-python-1.0.6-3.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-10-13 18:27:25 CEST

Ubuntu has issued an advisory on September 28:
https://ubuntu.com/security/notices/USN-4552-1

The issue is fixed upstream in 1.0.7.

Dan updated this in Cauldron but forgot to file a bug!

Comment 1 Dan Fandrich 2020-10-13 20:06:16 CEST

Sorry; I had my head down fixing autobuild problems and forgot. I'll take care of getting this into mga7.

Status: NEW => ASSIGNED

Comment 2 Dan Fandrich 2020-10-13 22:02:08 CEST

I looked at the upstream change to fix this issue and found that we already include the relevant line (in load_user_module) in 1.0.6 via the -fedora patchset. So, it looks like Mageia is not vulnerable to this in either mga7 or Cauldron, which is probably why I didn't open a bug. :-)

Status: ASSIGNED => RESOLVED
Resolution: (none) => INVALID

Comment 3 David Walser 2020-12-06 17:29:43 CET

*** Bug 27762 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu

Note You need to log in before you can comment on or make changes to this bug.