Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

Scientific Linux 7 Moderate: SLSA-2015:1640-1 PAM Denial of Service

Scientific Large Esm H446
Moderate: pam security update
Date: Tue, 18 Aug 2015 08:51:57 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0
Message-ID: <55D3387D.6@fnal.gov>

The following FASTBUGS have been uploaded to

x86_64:
filesystem-3.2-20.el7.x86_64.rpm
kmod-openafs-1.6-sl-229-1.6.14-218.sl7.229.1.2.x86_64.rpm
openafs-1.6-sl-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-authlibs-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-authlibs-devel-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-client-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-compat-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-devel-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-kernel-source-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-kpasswd-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-krb5-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-module-tools-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-plumbing-tools-1.6.14-218.sl7.x86_64.rpm
openafs-1.6-sl-server-1.6.14-218.sl7.x86_64.rpm
perl-Test-Harness-3.28-3.el7.noarch.rpm
perl-Test-Pod-Coverage-1.08-21.el7.noarch.rpm
perl-Test-Warn-0.24-6.el7.noarch.rpm
phonon-4.6.0-10.el7.i686.rpm
phonon-4.6.0-10.el7.x86_64.rpm
phonon-devel-4.6.0-10.el7.i686.rpm
phonon-devel-4.6.0-10.el7.x86_64.rpm
python-setuptools-0.9.8-4.el7.noarch.rpm
python-sphinx-1.1.3-9.el7.noarch.rpm
python-sphinx-doc-1.1.3-9.el7.noarch.rpm
python-sqlalchemy-0.9.8-1.el7.x86_64.rpm
screen-4.1.0-0.21.20120314git3c2946.el7.x86_64.rpm
setup-2.8.71-6.el7.noarch.rpm
tzdata-2015f-1.el7.noarch.rpm
tzdata-java-2015f-1.el7.noarch.rpm
xz-5.1.2-12alpha.el7.x86_64.rpm
xz-compat-libs-5.1.2-12alpha.el7.i686.rpm
xz-compat-libs-5.1.2-12alpha.el7.x86_64.rpm
xz-devel-5.1.2-12alpha.el7.i686.rpm
xz-devel-5.1.2-12alpha.el7.x86_64.rpm
xz-libs-5.1.2-12alpha.el7.i686.rpm
xz-libs-5.1.2-12alpha.el7.x86_64.rpm
xz-lzma-compat-5.1.2-12alpha.el7.x86_64.rpm
Date: Wed, 19 Aug 2015 13:13:57 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: pam on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150819131357.9753.29295@slpackages.fnal.gov>

Synopsis: Moderate: pam security update
Advisory ID: SLSA-2015:1640-1
Issue Date: 2015-08-18
CVE Numbers: CVE-2015-3238
--

It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large
passwords to the unix_pam module could use this flaw to enumerate valid
user accounts, or cause a denial of service on the system. (CVE-2015-3238)
--

SL6
 x86_64
 pam-1.1.1-20.el6_7.1.i686.rpm
 pam-1.1.1-20.el6_7.1.x86_64.rpm
 pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
 pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
 pam-devel-1.1.1-20.el6_7.1.i686.rpm
 pam-devel-1.1.1-20.el6_7.1.x86_64.rpm
 i386
 pam-1.1.1-20.el6_7.1.i686.rpm
 pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
 pam-devel-1.1.1-20.el6_7.1.i686.rpm
SL7
 x86_64
 pam-1.1.8-12.el7_1.1.i686.rpm
 pam-1.1.8-12.el7_1.1.x86_64.rpm
 pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
 pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
 pam-devel-1.1.8-12.el7_1.1.i686.rpm
 pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

- Scientific Linux Development Team