Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 21 PAM Security Update Moderate: CVE-2015-3238 DoS Issue

fedora
Calendar Grey July 3, 2015
Dist Fedora Esm H88
The latest security patch for PAM on Fedora 21 resolves a minor vulnerability associated with the processing of lengthy passwords.
Update fixing a minor security issue CVE-2015-3238.

Summary

PAM (Pluggable Authentication Modules) is a system security tool that

allows system administrators to set authentication policy without

having to recompile programs that handle authentication.

Update Information:

Update fixing a minor security issue CVE-2015-3238.

Topics%20covered

Topics Covered

security advisory fedora update doS authentication pam minor issue

Change Log

* Fri Jun 26 2015 Tomáš Mráz 1.1.8-19 - fix CVE-2015-3238 - minor security issue when handling long passwords * Fri Oct 17 2014 Tomáš Mráz 1.1.8-18 - use USER_MGMT type for auditing in the pam_tally2 and faillock apps (#1151576) * Thu Sep 11 2014 Tomáš Mráz 1.1.8-17 - update the audit-grantor patch with the upstream changes - pam_userdb: correct the example in man page (#1078784) - pam_limits: check whether the utmp login entry is valid (#1080023) - pam_console_apply: do not print error if console.perms.d is empty - pam_limits: nofile refers to open file descriptors (#1111220) - apply PIE and full RELRO to all binaries built

References


[ 1 ] Bug #1228571 - CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module https://bugzilla.redhat.com/show_bug.cgi?id=1228571

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pam' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: pam
Product: Fedora 21
Version: 1.1.8
Release: 19.fc21
URL: https://github.com/linux-pam/linux-pam
Summary: An extensible library which provides authentication for applications

Topics%20covered

Topics Covered

security advisory fedora update doS authentication pam minor issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here