{"id":"USN-2935-2","summary":"pam regression","details":"USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging\nchange that prevented upgrades in certain multiarch environments. This\nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that the PAM pam_userdb module incorrectly used a\n case-insensitive method when comparing hashed passwords. A local attacker\n could possibly use this issue to make brute force attacks easier. This\n issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041)\n \n Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly\n performed filtering. A local attacker could use this issue to create\n arbitrary files, or possibly bypass authentication. This issue only\n affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583)\n \n Sebastien Macke discovered that the PAM pam_unix module incorrectly handled\n large passwords. A local attacker could possibly use this issue in certain\n environments to enumerate usernames or cause a denial of service.\n (CVE-2015-3238)\n","modified":"2026-04-22T09:24:50.200790Z","published":"2016-03-16T18:43:09Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2935-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1558114"}],"affected":[{"package":{"name":"pam","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/pam@1.1.8-1ubuntu2.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.8-1ubuntu2.2"}]}],"versions":["1.1.3-8ubuntu3","1.1.3-10ubuntu1","1.1.3-11ubuntu1","1.1.8-1ubuntu1","1.1.8-1ubuntu2","1.1.8-1ubuntu2.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libpam-cracklib","binary_version":"1.1.8-1ubuntu2.2"},{"binary_name":"libpam-modules","binary_version":"1.1.8-1ubuntu2.2"},{"binary_name":"libpam-modules-bin","binary_version":"1.1.8-1ubuntu2.2"},{"binary_name":"libpam-runtime","binary_version":"1.1.8-1ubuntu2.2"},{"binary_name":"libpam0g","binary_version":"1.1.8-1ubuntu2.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2935-2.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}