This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.45.0
cf-buildpacks-eng released this 17 Mar 13:27
This release includes two changes:
- cflinuxfs2 has dropped support for libmysqlclient in favor of libmariadbd
- This release addresses USN-2935-1: PAM vulnerabilities (Ubuntu Security Notice USN-2935-1) and USN-2935-2: PAM regression (Ubuntu Security Notice USN-2935-2):
  - CVE-2013-7041: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
  - CVE-2014-2583: Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
  - CVE-2015-3238: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
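The weakness class behind CVE-2013-7041, shown as an added example that is not code from Linux-PAM or from this release: a case-insensitive hash comparison next to an exact, constant-time one, plus a count of how many distinct hash strings the weak comparison accepts. The function names and the two sample strings are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Weak pattern: stored and computed hashes compared ignoring letter case. */
int hash_matches_icase(const char *stored, const char *computed)
{
    return strcasecmp(stored, computed) == 0;
}

/* Hardened pattern: exact, length-checked comparison whose running time
 * does not depend on where the first differing byte is. */
int hash_matches_exact(const char *stored, const char *computed)
{
    size_t n = strlen(stored);
    unsigned char diff = 0;

    if (strlen(computed) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)stored[i] ^ (unsigned char)computed[i];
    return diff == 0;
}

/* Number of distinct strings the case-insensitive check treats as equal to
 * `hash`: every alphabetic character doubles it (valid for < 64 letters). */
unsigned long long icase_equivalents(const char *hash)
{
    unsigned long long count = 1;
    for (; *hash; hash++)
        if ((*hash >= 'a' && *hash <= 'z') || (*hash >= 'A' && *hash <= 'Z'))
            count *= 2;
    return count;
}

/* Constructed sample values, not real password hashes. */
static const char STORED[]    = "abJnggxhB/yWI";
static const char LOOKALIKE[] = "ABjNGGXHb/Ywi";

int main(void)
{
    printf("icase match: %d\n", hash_matches_icase(STORED, LOOKALIKE));
    printf("exact match: %d\n", hash_matches_exact(STORED, LOOKALIKE));
    printf("accepted variants: %llu\n", icase_equivalents(STORED));
    return 0;
}
```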