CVE-2017-12197

NameCVE-2017-12197
DescriptionIt was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1165-1, DSA-4025-1
Debian Bugs879001

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpam4jsourcewheezy1.4-2+deb7u1DLA-1165-1
libpam4jsourcejessie1.4-2+deb8u1DSA-4025-1
libpam4jsourcestretch1.4-2+deb9u1DSA-4025-1
libpam4jsource(unstable)1.4-3879001

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1503103
https://github.com/kohsuke/libpam4j/issues/18
(Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
Search for package or bug name: Reporting problems