Changes between Version 6 and Version 7 of Errata


Timestamp: Jun 4, 2014, 2:24:20 PM
Author: Dag-Erling Smørgrav
Comment: CVE-2014-3879

  • Errata

    v6 v7  
    11[[TOC(noheading)]]
    22= Errata =
     3
     4== Policy loading ==
     5
     6 Date:: 2014-06-02
     7
     8 Affects:: [[Releases/Nummularia|Nummularia]] and [[Releases/Micrampelis|Micrampelis]]
     9
     10 References:: http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879
     11
     12 Description:: When loading a module or processing an include directive, an {{{ENOENT}}} (file not found) error would incorrectly be propagated up the call stack and be interpreted as a missing policy, which is a soft error, rather than an invalid policy, which is a hard error.  Depending on the circumstances, this could result in a fail-open scenario.
     13
     14 Workaround:: Verify the spelling of all policies.  When updating third-party modules (which will result in a brief window during which the module is missing), shut down affected services.
     15
     16 Fix:: Apply r795.
    317
    418== Character classification ==
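Review bot: The Fix entry (v7 line 16) says only "Apply r795" and names no release that contains the fix, even though Affects lists Nummularia and Micrampelis; state the first fixed release, or say explicitly that the patch must be applied to those releases. The Workaround (v7 line 14) asks readers to "Verify the spelling of all policies" without saying what to check; since the Description ties the bug to module loading and include directives, the workaround should name those explicitly (module paths and include targets in each policy) so an administrator knows which references can trigger the soft-error path. The Description's "Depending on the circumstances" would also benefit from one sentence on which circumstances lead to the fail-open outcome, or a pointer to the advisory in References for that detail.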