Red Hat Enterprise Linux 4 RHSA-2007:0737-02 Moderate: PAM Security Fix

November 15, 2007
This Red Hat security advisory for the pam packages addresses several bugs and vulnerabilities.
Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at


5. Bug IDs fixed (http://bugzilla.redhat.com/):

228980 - XAUTHORITY env var not reset on 'su -'
230823 - CVE-2007-1716 Ownership of devices not returned to root after logout from console
247797 - CVE-2007-3102 audit logging of failed logins
267201 - pam_cracklib.so disregards changes to last char when calculating similarity

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
280fdb2b65b60c9f4289efbf9362f246 pam-0.77-66.23.src.rpm

i386:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm

ia64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
c23638544883ca4eccc5ac7a34af78bc pam-0.77-66.23.ia64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
90fcc91636557a9c70a721e4d836f8dd pam-debuginfo-0.77-66.23.ia64.rpm
e707127a2b6748373f521654333018e7 pam-devel-0.77-66.23.ia64.rpm

ppc:
edb7fe8063315a76ef42285ec758fc49 pam-0.77-66.23.ppc.rpm
a20e6dd507568b4e4d78734772d48013 pam-0.77-66.23.ppc64.rpm
45d2d248fbc8ffa2d8cbdaa232904b87 pam-debuginfo-0.77-66.23.ppc.rpm
331bdef816b228635bb5831343d4d03f pam-debuginfo-0.77-66.23.ppc64.rpm
dff686e760e6db61bcd5e526dbc37415 pam-devel-0.77-66.23.ppc.rpm
d60805d695d5f00b15dd61a2f4547fb4 pam-devel-0.77-66.23.ppc64.rpm

s390:
7e14ae2d5fae071fdc976b59d0bd7503 pam-0.77-66.23.s390.rpm
81b0d2a8642fda0e80109e9bcd93d981 pam-debuginfo-0.77-66.23.s390.rpm
1e69ba88bb46d7b087c65330b26140fa pam-devel-0.77-66.23.s390.rpm

s390x:
7e14ae2d5fae071fdc976b59d0bd7503 pam-0.77-66.23.s390.rpm
37d92cc5118f527d7257be350edc8934 pam-0.77-66.23.s390x.rpm
81b0d2a8642fda0e80109e9bcd93d981 pam-debuginfo-0.77-66.23.s390.rpm
0f3d8a73291ad04c89cce34f32a1589c pam-debuginfo-0.77-66.23.s390x.rpm
1e69ba88bb46d7b087c65330b26140fa pam-devel-0.77-66.23.s390.rpm
5e7853af7d8905b4375f68bca57da149 pam-devel-0.77-66.23.s390x.rpm

x86_64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
03ec1abab5c5ab9395d59b70c7f4ec36 pam-0.77-66.23.x86_64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
0a8738a21ed748b168cc9f55a61ab423 pam-debuginfo-0.77-66.23.x86_64.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm
1e5df76e71f24d346b4bd55e00cdaf0c pam-devel-0.77-66.23.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
280fdb2b65b60c9f4289efbf9362f246 pam-0.77-66.23.src.rpm

i386:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm

x86_64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
03ec1abab5c5ab9395d59b70c7f4ec36 pam-0.77-66.23.x86_64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
0a8738a21ed748b168cc9f55a61ab423 pam-debuginfo-0.77-66.23.x86_64.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm
1e5df76e71f24d346b4bd55e00cdaf0c pam-devel-0.77-66.23.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
280fdb2b65b60c9f4289efbf9362f246 pam-0.77-66.23.src.rpm

i386:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm

ia64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
c23638544883ca4eccc5ac7a34af78bc pam-0.77-66.23.ia64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
90fcc91636557a9c70a721e4d836f8dd pam-debuginfo-0.77-66.23.ia64.rpm
e707127a2b6748373f521654333018e7 pam-devel-0.77-66.23.ia64.rpm

x86_64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
03ec1abab5c5ab9395d59b70c7f4ec36 pam-0.77-66.23.x86_64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
0a8738a21ed748b168cc9f55a61ab423 pam-debuginfo-0.77-66.23.x86_64.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm
1e5df76e71f24d346b4bd55e00cdaf0c pam-devel-0.77-66.23.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
280fdb2b65b60c9f4289efbf9362f246 pam-0.77-66.23.src.rpm

i386:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm

ia64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
c23638544883ca4eccc5ac7a34af78bc pam-0.77-66.23.ia64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
90fcc91636557a9c70a721e4d836f8dd pam-debuginfo-0.77-66.23.ia64.rpm
e707127a2b6748373f521654333018e7 pam-devel-0.77-66.23.ia64.rpm

x86_64:
f83fa911b83700f7767907e20d7c4d45 pam-0.77-66.23.i386.rpm
03ec1abab5c5ab9395d59b70c7f4ec36 pam-0.77-66.23.x86_64.rpm
e9c41fa27b60845f56e15d63ac1335d0 pam-debuginfo-0.77-66.23.i386.rpm
0a8738a21ed748b168cc9f55a61ab423 pam-debuginfo-0.77-66.23.x86_64.rpm
7568bb0d75d41951a3956e1128787e78 pam-devel-0.77-66.23.i386.rpm
1e5df76e71f24d346b4bd55e00cdaf0c pam-devel-0.77-66.23.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2007-1716
https://www.cve.org/CVERecord?id=CVE-2007-3102
https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2007:0737-02
Issue date: 2007-11-15
Updated on: 2007-11-15
Product: Red Hat Enterprise Linux
Keywords: limits audit device ownership xauthority priority tally

Topic

Relevant Releases/Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Bugs Fixed
