Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 40: FEDORA-2024-45478608e2 moderate: pam access control issue

fedora
Calendar Grey December 6, 2024
Dist Fedora Esm H88
The pam package for Fedora 40 has undergone an update that resolves access control bypass vulnerabilities, as detailed in advisory FEDORA-2024-45478608e2, which outlines critical improvements.
pam_access: rework resolving of tokens as hostname.

Summary

PAM (Pluggable Authentication Modules) is a system security tool that

allows system administrators to set authentication policy without

having to recompile programs that handle authentication.

Update Information:

pam_access: rework resolving of tokens as hostname.

Topics%20covered

Topics Covered

security advisory security update Fedora access control pam

Change Log

* Thu Nov 28 2024 Iker Pedrosa - 1.6.1-5 - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and #2324299

References


[ 1 ] Bug #2324299 - CVE-2024-10963 pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2324299

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-45478608e2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: pam
Product: Fedora 40
Version: 1.6.1
Release: 5.fc40
URL: https://github.com/linux-pam/linux-pam/
Summary: An extensible library which provides authentication for applications

Topics%20covered

Topics Covered

security advisory security update Fedora access control pam

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here