Stay Secure with the Latest Linux Advisories

security advisorymoderatedenial of service

Scientific Linux 7 Moderate: SLSA-2015:1640-1 PAM Denial of Service

Moderate: pam security update. Date: Tue, 18 Aug 2015 08:51:57 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 7x x86_64 now available MIME-Version: 1.0 Message-ID: The following FASTBUGS have been uploaded to x86_64: filesystem-3.2-20.el7.x86_64.rpm kmod-openafs-1.6-sl-229-1.6.14-218.sl7.229.1.2.x86_64.rpm openafs-1.6-sl-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-authlibs-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-authlibs-devel-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-client-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-compat-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-devel-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-kernel-source-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-kpasswd-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-krb5-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-module-tools-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-plumbing-tools-1.6.14-218.sl7.x86_64.rpm openafs-1.6-sl-server-1.6.14-218.sl7.x86_64.rpm perl-Test-Harness-3.28-3.el7.noarch.rpm perl-Test-Pod-Coverage-1.08-21.el7.noarch.rpm perl-Test-Warn-0.24-6.el7.noarch.rpm phonon-4.6.0-10.el7.i686.rpm phonon-4.6.0-10.el7.x86_64.rpm phonon-devel-4.6.0-10.el7.i686.rpm phonon-devel-4.6.0-10.el7.x86_64.rpm python-setuptools-0.9.8-4.el7.noarch.rpm python-sphinx-1.1.3-9.el7.noarch.rpm python-sphinx-doc-1.1.3-9.el7.noarch.rpm python-sqlalchemy-0.9.8-1.el7.x86_64.rpm screen-4.1.0-0.21.20120314git3c2946.el7.x86_64.rpm setup-2.8.71-6.el7.noarch.rpm tzdata-2015f-1.el7.noarch.rpm tzdata-java-2015f-1.el7.noarch.rpm xz-5.1.2-12alpha.el7.x86_64.rpm xz-compat-libs-5.1.2-12alpha.el7.i686.rpm xz-compat-libs-5.1.2-12alpha.el7.x86_64.rpm xz-devel-5.1.2-12alpha.el7.i686.rpm xz-devel-5.1.2-12alpha.el7.x86_64.rpm xz-libs-5.1.2-12alpha.el7.i686.rpm xz-libs-5.1.2-12alpha.el7.x86_64.rpm xz-lzma-compat-5.1.2-12alpha.el7.x86_64.rpm Date: Wed, 19 Aug 2015 13:13:57 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: pam onSL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Moderate: pam security update Advisory ID: SLSA-2015:1640-1 Issue Date: 2015-08-18 CVE Numbers: CVE-2015-3238 -- It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system. (CVE-2015-3238) -- SL6 x86_64 pam-1.1.1-20.el6_7.1.i686.rpm pam-1.1.1-20.el6_7.1.x86_64.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.x86_64.rpm i386 pam-1.1.1-20.el6_7.1.i686.rpm pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm pam-devel-1.1.1-20.el6_7.1.i686.rpm SL7 x86_64 pam-1.1.8-12.el7_1.1.i686.rpm pam-1.1.8-12.el7_1.1.x86_64.rpm pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm pam-devel-1.1.8-12.el7_1.1.i686.rpm pam-devel-1.1.8-12.el7_1.1.x86_64.rpm - Scientific Linux Development Team . An enhancement has been released for libxml2 in CentOS addressing a possible system stall vulnerability impacting version 6.x and 7.x.. pam Security Update, Scientific Linux Advisory, Denial of Service Fix. . LinuxSecurity.com Team

Aug 19, 2015 Scientific Linux