===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2639
                      libpam-tacplus security update
                               5 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libpam-tacplus
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13881  

Reference:         ESB-2020.3222
                   ESB-2020.1989

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2730

--------------------------BEGIN INCLUDED TEXT--------------------

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2730-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 04, 2021                             https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : libpam-tacplus
Version        : 1.3.8-2+deb9u1
CVE ID         : CVE-2020-13881
Debian Bug     : 962830

It was discovered that there was an issue in libpam-tacplus (a
security module for using the TACACS+ authentication service) where
shared secrets such as private server keys were being added in
the clear to various logs.

For Debian 9 stretch, this problem has been fixed in version
1.3.8-2+deb9u1.

We recommend that you upgrade your libpam-tacplus packages.

For the detailed security status of libpam-tacplus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpam-tacplus

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------
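
Added example (not part of the Debian advisory or the AusCERT bulletin): because the advisory says shared secrets were written to logs in the clear, upgrading alone does not remove copies already logged. The sketch below collects the secrets configured on pam_tacplus lines and reports which log lines contain them, redacting the value in its own output. It assumes the secret is set through the module's secret= argument in the PAM stack; the function names are hypothetical and the PAM text and log lines are constructed samples.

```python
import re

# Matches the secret= argument on a pam_tacplus line (bare, space-free value).
SECRET_ARG = re.compile(r"\bsecret=(\S+)")

def extract_secrets(pam_text):
    """Return the set of TACACS+ shared secrets set on pam_tacplus lines."""
    secrets = set()
    for line in pam_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "pam_tacplus" not in line:
            continue  # skip comments and unrelated modules
        secrets.update(SECRET_ARG.findall(line))
    return secrets

def find_exposures(log_lines, secrets):
    """Return (line_number, redacted_line) for each log line holding a secret."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        redacted = line
        # Longest first, so a secret that contains another is redacted whole.
        for secret in sorted(secrets, key=len, reverse=True):
            redacted = redacted.replace(secret, "[REDACTED]")
        if redacted != line:
            hits.append((number, redacted.rstrip("\n")))
    return hits

# Constructed sample input (assumption): a PAM stack and syslog-style lines.
SAMPLE_PAM = """\
# auth  required  pam_tacplus.so server=192.0.2.9 secret=oldvalue
auth  required  pam_tacplus.so server=192.0.2.10 secret=s3cr3t-Example timeout=5
auth  required  pam_unix.so
"""
SAMPLE_LOG = [
    "Aug  4 10:00:01 host sshd[101]: constructed: server 192.0.2.10 key s3cr3t-Example\n",
    "Aug  4 10:00:02 host sshd[101]: constructed: authentication succeeded\n",
]

if __name__ == "__main__":
    found = find_exposures(SAMPLE_LOG, extract_secrets(SAMPLE_PAM))
    for number, text in found:
        print(f"log line {number}: {text}")
    print("rotate the shared secret" if found else "no exposure in sample")
```

Any hit means the secret should be treated as disclosed to everyone who can read that log or its forwarded copies, and rotated on both the clients and the TACACS+ server.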

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================