Synopsis:    Moderate: pam security, bug fix, and enhancement update
Issue Date:  2013-02-21
CVE Numbers: CVE-2011-3148
             CVE-2011-3149
--

A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' "~/.pam_environment" files. If an application's PAM configuration contained "user_readenv=1" (this is not the default), a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. (CVE-2011-3148)

A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained "user_readenv=1" (this is not the default), a local attacker could use this flaw to cause the application to enter an infinite loop. (CVE-2011-3149)

--

SL6
  x86_64
    pam-1.1.1-13.el6.i686.rpm
    pam-1.1.1-13.el6.x86_64.rpm
    pam-debuginfo-1.1.1-13.el6.i686.rpm
    pam-debuginfo-1.1.1-13.el6.x86_64.rpm
    pam-devel-1.1.1-13.el6.i686.rpm
    pam-devel-1.1.1-13.el6.x86_64.rpm
  i386
    pam-1.1.1-13.el6.i686.rpm
    pam-debuginfo-1.1.1-13.el6.i686.rpm
    pam-devel-1.1.1-13.el6.i686.rpm

- Scientific Linux Development Team
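
Both flaws are reachable only where a service's PAM configuration enables "user_readenv" for pam_env. The following is an added example, not part of the original advisory, that scans a PAM configuration directory for such lines. The function name find_user_readenv and the default directory /etc/pam.d are assumptions, as is the conservative choice to treat any non-zero value as enabled.

```shell
#!/bin/sh
# Added example: report PAM config lines that enable pam_env's user_readenv.
# Usage: find_user_readenv [DIR]   (DIR defaults to /etc/pam.d, an assumption)
# Output: one "file:line: normalized config line" per finding.

find_user_readenv() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            {
                # Remember where a logical line starts, then join
                # backslash-continued physical lines into it.
                if (buf == "") start = FNR
                line = $0
                if (sub(/\\$/, "", line)) { buf = buf line " "; next }
                logical = buf line
                buf = ""
                # Ignore comments so disabled entries are not reported.
                sub(/#.*/, "", logical)
                # Conservative assumption: any non-zero value counts as enabled.
                if (logical ~ /pam_env\.so/ &&
                    logical ~ /(^|[ \t])user_readenv=0*[1-9]/) {
                    gsub(/[ \t]+/, " ", logical)
                    printf "%s:%d: %s\n", file, start, logical
                }
            }
        ' "$f"
    done
}
```

No output means no service file in the scanned directory enables the option; any line reported identifies a service that should be running the fixed pam-1.1.1-13.el6 packages listed above.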