Debian Linux Security Advisory 2326-1 - Kees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service.
771fcceaab3f6197448e1213947aed4e74dbd5266078d423cdce7c53e7d97c25