A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. If an application"s PAM configuration contained "user_readenv=1" , a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application"s PAM configuration contained "user_readenv=1" , a local attacker could use this flaw to cause the application to enter an infinite loop