Ubuntu Security Notice 1237-1 - Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. Various other issues were also addressed.
803f5b8970a7e47d147397dbdf0c4bf081856862a7c224379f56106c8b403192