Download
| Alert*
ALAS-2016-770 ---- openssh, pam_ssh_agent_auth
It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.
|