Changes between Initial Version and Version 1 of Errata/2014-06-02


Timestamp: Oct 22, 2014, 11:18:00 AM (4 years ago)
Author: Dag-Erling Smørgrav
Comment:

--

  • Errata/2014-06-02

    v1 v1  
     1= Errata: Policy loading =
     2
     3 Date:: 2014-06-02
     4
     5 Affects:: [[Releases/Nummularia|Nummularia]] and [[Releases/Micrampelis|Micrampelis]]
     6
     7 References:: http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879
     8
     9 Description:: When loading a module or processing an include directive, an {{{ENOENT}}} (file not found) error would incorrectly be propagated up the call stack and be interpreted as a missing policy, which is a soft error, rather than an invalid policy, which is a hard error.  Depending on the circumstances, this could result in a fail-open scenario.
     10
     11 Workaround:: Verify the spelling of all policies.  When updating third-party modules (which will result in a brief window during which the module is missing), shut down affected services.
     12
     13 Fix:: Apply r795.
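
Review bot: The Description (line 9) says only "Depending on the circumstances" for when the fail-open occurs, so a reader has to work out the triggering conditions from the Workaround on line 11. Suggest naming them in the Description itself: a misspelled policy name, or a module that is briefly missing while a third-party module is being updated. The Fix on line 13 also cites r795 as a bare revision number while References uses full URLs; linking the changeset would let readers of the Nummularia and Micrampelis releases find the patch directly.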