The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed .