Skip to content
This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

1.45.0
Compare
Choose a tag to compare
@cf-buildpacks-eng cf-buildpacks-eng released this 17 Mar 13:27
· 287 commits to master since this release
1.45.0
bf67627

This release includes two changes:

  1. cflinuxfs2 has dropped support for libmysqlclient in favor of libmariadbd
  2. This release addresses USN-2935-1: PAM vulnerabilities Ubuntu Security Notice USN-2935-1 and USN-2935-2: PAM regression Ubuntu Security Notice USN-2935-2:
    • CVE-2013-7041: The pam_userdb module for Pam uses a case-insensitive method to comparehashed passwords, which makes it easier for attackers to guess the passwordvia a brute force attack.
    • CVE-2014-2583: Multiple directory traversal vulnerabilities in pam_timestamp.c in thepam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users tocreate aribitrary files or possibly bypass authentication via a .. (dotdot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTYvalue to the check_tty funtion, which is used by the format_timestamp_namefunction.
    • CVE-2015-3238: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM(aka pam) before 1.2.1, when unable to directly access passwords, allowslocal users to enumerate usernames or cause a denial of service (hang) viaa large password.
Assets 3
Loading