CVE-2019-16729 in Ubuntu

CVE-2019-16729

Priority

Description

pam-python before 1.0.7-1 has an issue in regard to the default environment
variable handling of Python, which could allow for local root escalation in
certain PAM setups.

Ubuntu-Description

Malte Kraus discovered that Pam-python mishandled certain environment
variables. A local attacker could potentially use this vulnerability to
execute programs as root.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16729
https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/
https://ubuntu.com/security/notices/USN-4552-1
https://ubuntu.com/security/notices/USN-4552-2
https://ubuntu.com/security/notices/USN-4552-3

Notes

Package

Source: pam-python (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (1.0.6-1.1+deb10u1build0.18.04.1)
Ubuntu 20.04 LTS:	not-affected (1.0.7-1)
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 13:48:48 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)