==========================================================================
Ubuntu Security Notice USN-4290-2
March 03, 2020
libpam-radius-auth vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
libpam-radius-auth could be made to crash if it received specially crafted
network traffic.
Software Description:
– libpam-radius-auth: The PAM RADIUS authentication module
Details:
USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that libpam-radius-auth incorrectly handled certain long
passwords. A remote attacker could possibly use this issue to cause
libpam-radius-auth to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
libpam-radius-auth 1.3.17-0ubuntu4+esm1
Ubuntu 12.04 ESM:
libpam-radius-auth 1.3.17-0ubuntu3.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4290-2
https://usn.ubuntu.com/4290-1
CVE-2015-9542
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl5eUkwACgkQRbznW4QL
H2kBmRAAmPTqBo2p8VDB5AKi6/haoVRaV8qqZoy/QJnmtJna/Zl+Tlgl+15bXstH
jDp36jynN0wGkjpYLf3RkAYLa+pNY3xyvlLSvtHuoxHmN1ke77/U1GWXY1nEdh22
MRqjAaXeBA9po6srhz7a8herjhowTD8mA++DUupVhMjEiCtRavV1X1lPY6ppgxrK
jBblZOAR03gmpvet3/CFn+m5Jwe3ucZo+H+Ul9ehgwvL121AtCwY0q95BEzjMefC
VXlIVoq8zF0zYHHXdI2cfz7YqU9xcARc19QVXRwDroLe16MQ51WNlXNhiRLvvSdJ
1VScDZyKEFrlI3nA4exwJM7oZ0Cq/yxYtl53o8cKFlrb9V0rtaRjm33tgKUmll2E
0trjJtrnAWublFi74WmJqf9jRQ6Tu5UTv5c9qXWZEA86vKM3Rz2eTIiHHaFn6S1S
59VuxYVpzwg/Rx/X1dH6b9uofgV2AmgE68E2QpfNfK1cN5BYlne0/IniW0oyaBZm
aHIrjFFW4XkKYSqJWBpQ7Jr/OgM3IxX51ag1GP/W5GCds0u/oS7+mWEjOS/WXjJh
dY6FjJEW0PZmnGORsFLmPz4DYy+P1w0D8pck/VLTVRaVVoz9nCECXst3wGEkL17D
OpvlAHP7lHNJ43BIi6u25CcQisNMkZ6GubmGo90Q+3u50BjefEM=
=fWHs
—–END PGP SIGNATURE—–
—