[SECURITY] Fedora 9 Update: pam_ssh-1.92-10.fc9

updates at fedoraproject.org updates at fedoraproject.org
Sat May 2 16:42:59 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3627
2009-04-13 18:44:47
--------------------------------------------------------------------------------

Name        : pam_ssh
Product     : Fedora 9
Version     : 1.92
Release     : 10.fc9
URL         : http://sourceforge.net/projects/pam-ssh/
Summary     : PAM module for use with SSH keys and ssh-agent
Description :
This PAM module provides single sign-on behavior for UNIX using SSH keys.
Users are authenticated by decrypting their SSH private keys with the
password provided. In the first PAM login session phase, an ssh-agent
process is started and keys are added. The same agent is used for the
following PAM sessions. In any case the appropriate environment variables
are set in the session phase.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 26 2009 Dmitry Butskoy <Dmitry at Butskoy.name> - 1.92-10
- Always use standard "Password:" prompt for the first password's inquire
  in a PAM chain (#492153)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #492153 - CVE-2009-1273 pam_ssh: Password prompt varies for existent and non-existent users
        https://bugzilla.redhat.com/show_bug.cgi?id=492153
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pam_ssh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the package-announce mailing list