Ubuntu Security Notice 2710-1 - Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. Various other issues were also addressed. Continue reading...
