Stay Secure with the Latest Linux Advisories

security advisoryFedoraaccess control

Fedora 41 FEDORA-2024-4d4d946073 critical: pam access control issue

pam_access: rework resolving of tokens as hostname.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-4d4d946073 2024-11-29 03:29:16.747998+00:00 -------------------------------------------------------------------------------- Name : pam Product : Fedora 41 Version : 1.6.1 Release : 7.fc41 URL : https://github.com/linux-pam/linux-pam/ Summary : An extensible library which provides authentication for applications Description : PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. -------------------------------------------------------------------------------- Update Information: pam_access: rework resolving of tokens as hostname. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 25 2024 Iker Pedrosa - 1.6.1-7 - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and #2324300 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324300 - CVE-2024-10963 pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2324300 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-4d4d946073' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora 41 has released a security advisory addressing a vulnerability related to PAM concerning hostname token resolution. Essential updates have been incorporated.. pam access control, Fedora updates, authentication vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Nov 29, 2024 •Critical Fedora