summaryrefslogtreecommitdiff
path: root/po/Linux-PAM.pot
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2015-06-22 14:53:01 +0200
committerThorsten Kukuk <kukuk@thkukuk.de>2015-06-22 14:53:01 +0200
commite89d4c97385ff8180e6e81e84c5aa745daf28a79 (patch)
tree17ef8bacb38a0f60a7476420ab62627cc8af440c /po/Linux-PAM.pot
parentf4fbbbcc52696d67ebe57ee8214fbbdf4c479dbc (diff)
Release version 1.2.1
Security fix: CVE-2015-3238 If the process executing pam_sm_authenticate or pam_sm_chauthtok method of pam_unix is not privileged enough to check the password, e.g. if selinux is enabled, the _unix_run_helper_binary function is called. When a long enough password is supplied (16 pages or more, i.e. 65536+ bytes on a system with 4K pages), this helper function hangs indefinitely, blocked in the write(2) call while writing to a blocking pipe that has a limited capacity. With this fix, the verifiable password length will be limited to PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. * NEWS: Update * configure.ac: Bump version * modules/pam_exec/pam_exec.8.xml: document limitation of password length * modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE * modules/pam_unix/pam_unix.8.xml: document limitation of password length * modules/pam_unix/pam_unix_passwd.c: limit password length * modules/pam_unix/passverify.c: Likewise * modules/pam_unix/passverify.h: Likewise * modules/pam_unix/support.c: Likewise
Diffstat (limited to 'po/Linux-PAM.pot')
-rw-r--r--po/Linux-PAM.pot24
1 files changed, 12 insertions, 12 deletions
diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot
index 3e37e16f..390ceb11 100644
--- a/po/Linux-PAM.pot
+++ b/po/Linux-PAM.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: Linux-PAM 1.2.0\n"
+"Project-Id-Version: Linux-PAM 1.2.1\n"
"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
-"POT-Creation-Date: 2015-03-25 16:52+0100\n"
+"POT-Creation-Date: 2015-06-22 14:16+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -242,12 +242,12 @@ msgid "contains the user name in some form"
msgstr ""
#: modules/pam_cracklib/pam_cracklib.c:701
-#: modules/pam_unix/pam_unix_passwd.c:494
+#: modules/pam_unix/pam_unix_passwd.c:501
msgid "No password supplied"
msgstr ""
#: modules/pam_cracklib/pam_cracklib.c:701
-#: modules/pam_unix/pam_unix_passwd.c:494
+#: modules/pam_unix/pam_unix_passwd.c:501
msgid "Password unchanged"
msgstr ""
@@ -371,7 +371,7 @@ msgid "Unable to create and initialize directory '%s'."
msgstr ""
#: modules/pam_pwhistory/pam_pwhistory.c:217
-#: modules/pam_unix/pam_unix_passwd.c:515
+#: modules/pam_unix/pam_unix_passwd.c:522
msgid "Password has been already used. Choose another."
msgstr ""
@@ -542,31 +542,31 @@ msgstr[1] ""
msgid "Warning: your password will expire in %d days"
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:396
+#: modules/pam_unix/pam_unix_passwd.c:403
msgid "NIS password could not be changed."
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:511
+#: modules/pam_unix/pam_unix_passwd.c:518
msgid "You must choose a longer password"
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:618
+#: modules/pam_unix/pam_unix_passwd.c:625
#, c-format
msgid "Changing password for %s."
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:629
+#: modules/pam_unix/pam_unix_passwd.c:636
msgid "(current) UNIX password: "
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:664
+#: modules/pam_unix/pam_unix_passwd.c:671
msgid "You must wait longer to change your password"
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:724
+#: modules/pam_unix/pam_unix_passwd.c:731
msgid "Enter new UNIX password: "
msgstr ""
-#: modules/pam_unix/pam_unix_passwd.c:725
+#: modules/pam_unix/pam_unix_passwd.c:732
msgid "Retype new UNIX password: "
msgstr ""