Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Red Hat: RHSA-2000:120-04 Critical: PAM Buffer Overflow Fix

Calendar Dec 01, 2000 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory Red Hat Linux security issue buffer overflow critical package update PAM packages
Updated PAM packages are now available for Red Hat Linux 6.x and 7. ` 

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated PAM packages available.
Advisory ID:       RHSA-2000:120-04
Issue date:        2000-11-29
Updated on:        2000-12-01
Product:           Red Hat Linux
Keywords:          PAM
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
Red Hat Linux 7.0 - i386, alpha
Red Hat Linux 7.0J - i386, alpha

3. Problem description:

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser.  Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow.  These updates remove this vulnerability and fix various other
bugs.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  ( for more info):

14740 - pam_cracklib: 'similiar()' broken
16456 - files missing from pam-0.72-20
18055 - Passwords can't be changed
20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers21467 - /etc/security/access.conf error in example


6. RPMs required:

Red Hat Linux 6.0:

sparc: 

i386: 

alpha: 

sources: 

Red Hat Linux 6.1:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 6.2:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 7.0:

alpha: 

i386: 

sources: 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
bb1b95b6ecb575cf661829f88e204a3e  6.0/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.0/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.0/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.0/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.1/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.1/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.1/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.1/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.2/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.2/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.2/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.2/sparc/pam-0.72-20.6.x.sparc.rpm
9cb817f5daf291feeae03ea10b97f42b  7.0/SRPMS/pam-0.72-37.src.rpm
35b9f1e8b06a18f091fd7d9f4e61caa9  7.0/alpha/pam-0.72-37.alpha.rpm
9357b4322e4b08e140e7a5a1558fef48  7.0/i386/pam-0.72-37.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.
`

Red Hat: RHSA-2000:120-04 Critical: PAM Buffer Overflow Fix

red hat
Calendar Grey December 1, 2000
Dist Redhat Esm H88
Recent PAM improvements tackle a significant memory overflow flaw and bolster security measures for Red Hat Linux versions 6.x and 7, as outlined in advisory RHSA-2000:120-05.
Updated PAM packages are now available for Red Hat Linux 6.x and 7.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

14740 - pam_cracklib: 'similiar()' broken 16456 - files missing from pam-0.72-20 18055 - Passwords can't be changed 20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers21467 - /etc/security/access.conf error in example


6. RPMs required:

Red Hat Linux 6.0:

sparc:

i386:

alpha:

sources:

Red Hat Linux 6.1:

alpha:

sparc:

i386:

sources:

Red Hat Linux 6.2:

alpha:

sparc:

i386:

sources:

Red Hat Linux 7.0:

alpha:

i386:

sources:

7. Verification:

MD5 sum Package Name bb1b95b6ecb575cf661829f88e204a3e 6.0/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.0/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.0/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.0/sparc/pam-0.72-20.6.x.sparc.rpm bb1b95b6ecb575cf661829f88e204a3e 6.1/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.1/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.1/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.1/sparc/pam-0.72-20.6.x.sparc.rpm bb1b95b6ecb575cf661829f88e204a3e 6.2/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.2/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.2/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.2/sparc/pam-0.72-20.6.x.sparc.rpm 9cb817f5daf291feeae03ea10b97f42b 7.0/SRPMS/pam-0.72-37.src.rpm 35b9f1e8b06a18f091fd7d9f4e61caa9 7.0/alpha/pam-0.72-37.alpha.rpm 9357b4322e4b08e140e7a5a1558fef48 7.0/i386/pam-0.72-37.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

Topics%20covered

Topics Covered

security advisory Red Hat Linux security issue buffer overflow critical package update PAM packages

References

N/A Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:120-04
Issue date: 2000-11-29
Updated on: 2000-12-01
Product: Red Hat Linux
Keywords: PAM
Cross references: N/A

Topic

Topics%20covered

Topics Covered

security advisory Red Hat Linux security issue buffer overflow critical package update PAM packages

Relevant Releases Architectures

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2EE - i386, alpha, sparc

Red Hat Linux 7.0 - i386, alpha

Red Hat Linux 7.0J - i386, alpha

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here