Debian 11 bullseye: DLA-4040-1 pam-u2f critical authentication bypass

debian lts

February 3, 2025

Matthias Gerstner reported that pam-u2f, a PAM module which allows to use U2F (Universal 2nd Factor) devices in the PAM authentication stack, does not properly handle PAM_IGNORE re...

Topics Covered

security advisory debian authentication bypass pam-u2f second factor

Summary

For Debian 11 bullseye, this problem has been fixed in version
1.1.0-1.1+deb11u1.

We recommend that you upgrade your pam-u2f packages.

For the detailed security status of pam-u2f please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/pam-u2f

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity

critical

Lowest

Low

Medium

High

Critical

Package: pam-u2f

Version: 1.1.0-1.1+deb11u1

CVE ID: CVE-2025-23013

Topics Covered

security advisory debian authentication bypass pam-u2f second factor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Debian 11 bullseye: DLA-4040-1 pam-u2f critical authentication bypass

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Debian 11 bullseye: DLA-4040-1 pam-u2f critical authentication bypass

Topics Covered

Summary

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!