--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10848
2015-06-27 09:58:16
--------------------------------------------------------------------------------

Name        : pam
Product     : Fedora 21
Version     : 1.1.8
Release     : 19.fc21
URL         : https://github.com/linux-pam/linux-pam
Summary     : An extensible library which provides authentication for applications
Description :
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

--------------------------------------------------------------------------------
Update Information:

Update fixing a minor security issue CVE-2015-3238.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 26 2015 Tomáš Mráz  1.1.8-19
- fix CVE-2015-3238 - minor security issue when handling long passwords
* Fri Oct 17 2014 Tomáš Mráz  1.1.8-18
- use USER_MGMT type for auditing in the pam_tally2 and faillock
  apps (#1151576)
* Thu Sep 11 2014 Tomáš Mráz  1.1.8-17
- update the audit-grantor patch with the upstream changes
- pam_userdb: correct the example in man page (#1078784)
- pam_limits: check whether the utmp login entry is valid (#1080023)
- pam_console_apply: do not print error if console.perms.d is empty
- pam_limits: nofile refers to open file descriptors (#1111220)
- apply PIE and full RELRO to all binaries built
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1228571 - CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module
        https://bugzilla.redhat.com/show_bug.cgi?id=1228571
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update pam' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 21: pam Security Update

July 3, 2015
Update fixing a minor security issue CVE-2015-3238.

Summary

PAM (Pluggable Authentication Modules) is a system security tool that

allows system administrators to set authentication policy without

having to recompile programs that handle authentication.

Update Information:

Update fixing a minor security issue CVE-2015-3238.

Change Log

* Fri Jun 26 2015 Tomáš Mráz 1.1.8-19 - fix CVE-2015-3238 - minor security issue when handling long passwords * Fri Oct 17 2014 Tomáš Mráz 1.1.8-18 - use USER_MGMT type for auditing in the pam_tally2 and faillock apps (#1151576) * Thu Sep 11 2014 Tomáš Mráz 1.1.8-17 - update the audit-grantor patch with the upstream changes - pam_userdb: correct the example in man page (#1078784) - pam_limits: check whether the utmp login entry is valid (#1080023) - pam_console_apply: do not print error if console.perms.d is empty - pam_limits: nofile refers to open file descriptors (#1111220) - apply PIE and full RELRO to all binaries built

References

[ 1 ] Bug #1228571 - CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module https://bugzilla.redhat.com/show_bug.cgi?id=1228571

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pam' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : pam
Product : Fedora 21
Version : 1.1.8
Release : 19.fc21
URL : https://github.com/linux-pam/linux-pam
Summary : An extensible library which provides authentication for applications

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved