Malte Kraus discovered that libpam-python, a PAM module allowing PAM
modules to be written in Python, didn't sanitise environment variables
which could result in local privilege escalation if used with a
For the oldstable distribution (stretch), this problem has been fixed
in version 1.0.6-1.1+deb9u1.
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your pam-python packages.