` 

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated PAM packages available.
Advisory ID:       RHSA-2000:120-04
Issue date:        2000-11-29
Updated on:        2000-12-01
Product:           Red Hat Linux
Keywords:          PAM
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
Red Hat Linux 7.0 - i386, alpha
Red Hat Linux 7.0J - i386, alpha

3. Problem description:

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser.  Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow.  These updates remove this vulnerability and fix various other
bugs.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  ( for more info):

14740 - pam_cracklib: 'similiar()' broken
16456 - files missing from pam-0.72-20
18055 - Passwords can't be changed
20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers21467 - /etc/security/access.conf error in example


6. RPMs required:

Red Hat Linux 6.0:

sparc: 

i386: 

alpha: 

sources: 

Red Hat Linux 6.1:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 6.2:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 7.0:

alpha: 

i386: 

sources: 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
bb1b95b6ecb575cf661829f88e204a3e  6.0/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.0/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.0/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.0/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.1/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.1/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.1/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.1/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.2/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.2/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.2/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.2/sparc/pam-0.72-20.6.x.sparc.rpm
9cb817f5daf291feeae03ea10b97f42b  7.0/SRPMS/pam-0.72-37.src.rpm
35b9f1e8b06a18f091fd7d9f4e61caa9  7.0/alpha/pam-0.72-37.alpha.rpm
9357b4322e4b08e140e7a5a1558fef48  7.0/i386/pam-0.72-37.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.
`

Redhat: 'pam' update

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

Summary



Summary

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x bothincluded a new module, pam_localuser. Although this module is not used inany default configurations, the version included was vulnerable to a bufferoverflow. These updates remove this vulnerability and fix various otherbugs.


Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed ( for more info):
14740 - pam_cracklib: 'similiar()' broken 16456 - files missing from pam-0.72-20 18055 - Passwords can't be changed 20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers21467 - /etc/security/access.conf error in example

6. RPMs required:
Red Hat Linux 6.0:
sparc:
i386:
alpha:
sources:
Red Hat Linux 6.1:
alpha:
sparc:
i386:
sources:
Red Hat Linux 6.2:
alpha:
sparc:
i386:
sources:
Red Hat Linux 7.0:
alpha:
i386:
sources:
7. Verification:
MD5 sum Package Name bb1b95b6ecb575cf661829f88e204a3e 6.0/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.0/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.0/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.0/sparc/pam-0.72-20.6.x.sparc.rpm bb1b95b6ecb575cf661829f88e204a3e 6.1/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.1/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.1/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.1/sparc/pam-0.72-20.6.x.sparc.rpm bb1b95b6ecb575cf661829f88e204a3e 6.2/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.2/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.2/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.2/sparc/pam-0.72-20.6.x.sparc.rpm 9cb817f5daf291feeae03ea10b97f42b 7.0/SRPMS/pam-0.72-37.src.rpm 35b9f1e8b06a18f091fd7d9f4e61caa9 7.0/alpha/pam-0.72-37.alpha.rpm 9357b4322e4b08e140e7a5a1558fef48 7.0/i386/pam-0.72-37.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

N/A Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
Advisory ID: RHSA-2000:120-04
Issued Date: : 2000-11-29
Updated on: 2000-12-01
Product: Red Hat Linux
Keywords: PAM
Cross references: N/A

Topic


Topic

Updated PAM packages are now available for Red Hat Linux 6.x and 7.


 

Relevant Releases Architectures

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2EE - i386, alpha, sparc

Red Hat Linux 7.0 - i386, alpha

Red Hat Linux 7.0J - i386, alpha


Bugs Fixed


Related News

28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved