Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Dovecot (141)

debian (8034)

denial of service (18299)

important (27751)

information leak (1384)

security advisory (114945)

critical (18622)

gsasl (5)

security update (9017)

SuSE (3977)

SuSE (1)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

We found -7 articles for you...

100

security advisorymoderateglibc

openSUSE: 2011:035 moderate: glibc password hashing issue

The implementation of the blowfish based password hashing method had The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute force methods (CVE-2011-2483). SUSE's crypt() implementation suppor [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: glibc,pam-modules,libxcrypt,pwdutils Announcement ID: SUSE-SA:2011:035 Date: Tue, 23 Aug 2011 13:00:00 +0000 Affected Products: openSUSE 11.3 openSUSE 11.4 SUSE SLES 9 Open Enterprise Server Novell Linux POS 9 SLE SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 SUSE Linux Enterprise Server 10 SP4 Vulnerability Type: weak password hashing algorithm CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2483 Content of This Advisory: 1) Security Vulnerability Resolved: glibc security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities,Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute force methods (CVE-2011-2483). SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id "$2y" to unambiguously identify them as generated with the correct implementation. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ: Q: I only use ASCII characters in passwords, am I a affected in any way? A: No. Q: What's the meaning of the ids before and after the update? A: Before the update: $2a -> buggy algorithm After the update: $2x -> buggy algorithm $2a -> correct algorithm $2y -> correct algorithm System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in it's password database. Some users complain that they can not log in anymore. A: Edit the password database and change the "$2a" prefix of the affected users' hashes to "$2x". They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes To actually migrate hashes to the new algorithm all users with 8bit characters in passwords must change passwords after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. x86 Platform: openSUSE 11.4: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-devel-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-html-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-i18ndata-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-info-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-locale-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-obsolete-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/glibc-profile-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/libxcrypt-3.0.3-9.10.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/libxcrypt-devel-3.0.3-9.10.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/nscd-2.11.3-12.17.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/pam-modules-11.4-3.4.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/pwdutils-3.2.14-4.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/pwdutils-plugin-audit-3.2.14-4.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i586/pwdutils-rpasswd-3.2.14-4.5.1.i586.rpm openSUSE 11.3: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-devel-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-html-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-i18ndata-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-info-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-locale-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-obsolete-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/glibc-profile-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/libxcrypt-3.0.3-5.3.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/libxcrypt-devel-3.0.3-5.3.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/nscd-2.11.2-3.5.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/pam-modules-11.3-0.3.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/pwdutils-3.2.10-2.3.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/pwdutils-plugin-audit-3.2.10-2.3.1.i586.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i586/pwdutils-rpasswd-3.2.10-2.3.1.i586.rpm x86 Platform: openSUSE 11.4: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i686/glibc-2.11.3-12.17.1.i686.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/i686/glibc-devel-2.11.3-12.17.1.i686.rpm openSUSE 11.3: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i686/glibc-2.11.2-3.5.1.i686.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/i686/glibc-devel-2.11.2-3.5.1.i686.rpm x86-64 Platform: openSUSE 11.4: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-32bit-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-devel-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-devel-32bit-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-html-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-i18ndata-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-info-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-locale-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-locale-32bit-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-obsolete-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-profile-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/glibc-profile-32bit-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/libxcrypt-3.0.3-9.10.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/libxcrypt-32bit-3.0.3-9.10.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/libxcrypt-devel-3.0.3-9.10.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/nscd-2.11.3-12.17.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/pam-modules-11.4-3.4.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/pam-modules-32bit-11.4-3.4.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/pwdutils-3.2.14-4.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/pwdutils-plugin-audit-3.2.14-4.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/pwdutils-rpasswd-3.2.14-4.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/x86_64/pwdutils-rpasswd-32bit-3.2.14-4.5.1.x86_64.rpm openSUSE 11.3: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-32bit-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-devel-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-devel-32bit-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-html-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-i18ndata-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-info-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-locale-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-locale-32bit-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-obsolete-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-profile-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/glibc-profile-32bit-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/libxcrypt-3.0.3-5.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/libxcrypt-32bit-3.0.3-5.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/libxcrypt-devel-3.0.3-5.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/nscd-2.11.2-3.5.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/pam-modules-11.3-0.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/pam-modules-32bit-11.3-0.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/pwdutils-3.2.10-2.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/pwdutils-plugin-audit-3.2.10-2.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/pwdutils-rpasswd-3.2.10-2.3.1.x86_64.rpm http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/x86_64/pwdutils-rpasswd-32bit-3.2.10-2.3.1.x86_64.rpm Sources: openSUSE 11.4: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.4/rpm/src/pwdutils-3.2.14-4.5.1.src.rpm openSUSE 11.3: http://ftp5.gwdg.de/pub/opensuse/discontinued/update/11.3/rpm/src/pwdutils-3.2.10-2.3.1.src.rpm Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Server 10 SP4 SLE SDK 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP1 Open Enterprise Server Novell Linux POS 9 SUSE SLES 9 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from This email address is being protected from spambots. You need JavaScript enabled to view it. with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to . ==================================================================== SUSE'ssecurity contact is or . The public key is listed below. ==================================================================== . SUSE has announced an important security patch for glibc and pam-modules, addressing a vulnerability in password hashing that affects certain special characters.. Password Hashing, OpenSUSE, Security Update, Glibc, Pam Modules. . LinuxSecurity.com Team

Aug 23, 2011 SuSE

security advisorymoderatesecurity issue

Red Hat: RHSA-2010:0819-01 Moderate: Pam Security Update

Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: pam security update Advisory ID: RHSA-2010:0819-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0819.html Issue date: 2010-11-01 CVE Names: CVE-2010-3316 CVE-2010-3435 CVE-2010-3853 ==================================================================== 1. Summary: Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853) It was discovered that the pam_mail module usedroot privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435) It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue. All pam users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls 641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges 643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: pam-0.99.6.2-6.el5_5.2.i386.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm x86_64: pam-0.99.6.2-6.el5_5.2.i386.rpm pam-0.99.6.2-6.el5_5.2.x86_64.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm pam-devel-0.99.6.2-6.el5_5.2.i386.rpm x86_64: pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.x86_64.rpm pam-devel-0.99.6.2-6.el5_5.2.i386.rpm pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: pam-0.99.6.2-6.el5_5.2.i386.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm pam-devel-0.99.6.2-6.el5_5.2.i386.rpm ia64: pam-0.99.6.2-6.el5_5.2.i386.rpm pam-0.99.6.2-6.el5_5.2.ia64.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.ia64.rpm pam-devel-0.99.6.2-6.el5_5.2.ia64.rpm ppc: pam-0.99.6.2-6.el5_5.2.ppc.rpm pam-0.99.6.2-6.el5_5.2.ppc64.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.ppc.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.ppc64.rpm pam-devel-0.99.6.2-6.el5_5.2.ppc.rpm pam-devel-0.99.6.2-6.el5_5.2.ppc64.rpm s390x: pam-0.99.6.2-6.el5_5.2.s390.rpm pam-0.99.6.2-6.el5_5.2.s390x.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.s390.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.s390x.rpm pam-devel-0.99.6.2-6.el5_5.2.s390.rpm pam-devel-0.99.6.2-6.el5_5.2.s390x.rpm x86_64: pam-0.99.6.2-6.el5_5.2.i386.rpm pam-0.99.6.2-6.el5_5.2.x86_64.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm pam-debuginfo-0.99.6.2-6.el5_5.2.x86_64.rpm pam-devel-0.99.6.2-6.el5_5.2.i386.rpm pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3316 https://access.redhat.com/security/cve/CVE-2010-3435 https://access.redhat.com/security/cve/CVE-2010-3853 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFMzxqFXlSAg2UNWIIRArfBAJ9qcKIF/IydoOYO6Ol3sJXkRoCtFwCfYCuV GH2MTJIBmimm9XsTiJvPTJI=22g0 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat releases patches for pam components to fix three security vulnerabilities with moderate severity in Enterprise Linux 5.. pam security update, Red Hat Enterprise,authentication policies. . LinuxSecurity.com Team

Nov 01, 2010 Red Hat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

bottom 200

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

openSUSE: 2011:035 moderate: glibc password hashing issue

Red Hat: RHSA-2010:0819-01 Moderate: Pam Security Update

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!