Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41 FEDORA-2024-4d4d946073 critical: pam access control issue

fedora
Calendar Grey November 29, 2024
Dist Fedora Esm H88
Fedora 41 has released a security advisory addressing a vulnerability related to PAM concerning hostname token resolution. Essential updates have been incorporated.
pam_access: rework resolving of tokens as hostname.

Summary

PAM (Pluggable Authentication Modules) is a system security tool that

allows system administrators to set authentication policy without

having to recompile programs that handle authentication.

Update Information:

pam_access: rework resolving of tokens as hostname.

Topics%20covered

Topics Covered

security advisory Fedora access control access issue authentication pam token resolution

Change Log

* Mon Nov 25 2024 Iker Pedrosa - 1.6.1-7 - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and #2324300

References


[ 1 ] Bug #2324300 - CVE-2024-10963 pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2324300

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-4d4d946073' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: pam
Product: Fedora 41
Version: 1.6.1
Release: 7.fc41
URL: https://github.com/linux-pam/linux-pam/
Summary: An extensible library which provides authentication for applications

Topics%20covered

Topics Covered

security advisory Fedora access control access issue authentication pam token resolution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here