Oracle Linux Security Advisory ELSA-2024-10379

http://linux.oracle.com/errata/ELSA-2024-10379.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
pam-1.3.1-36.0.1.el8_10.i686.rpm
pam-1.3.1-36.0.1.el8_10.x86_64.rpm
pam-devel-1.3.1-36.0.1.el8_10.i686.rpm
pam-devel-1.3.1-36.0.1.el8_10.x86_64.rpm

aarch64:
pam-1.3.1-36.0.1.el8_10.aarch64.rpm
pam-devel-1.3.1-36.0.1.el8_10.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//pam-1.3.1-36.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-10041
CVE-2024-10963




Description of changes:

[1.3.1-36.0.1]
- pam_limits: fix use after free in pam_sm_open_session [Orabug: 36272695]

[1.3.1-36]
- pam_access: rework resolving of tokens as hostname.
  Resolves: CVE-2024-10963 and RHEL-66242

[1.3.1-35]
- pam_unix: always run the helper to obtain shadow password file entries.
  CVE-2024-10041. Resolves: RHEL-62877
- pam_access: always match local address and clarify LOCAL keyword behaviour.
  Resolves: RHEL-23018
- libpam: support long lines in service files. Resolves: RHEL-5051


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-10379: pam security Important Security Advisory Updates

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

[1.3.1-36.0.1] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36272695] [1.3.1-36] - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66242 [1.3.1-35] - pam_unix: always run the helper to obtain shadow password file entries. CVE-2024-10041. Resolves: RHEL-62877 - pam_access: always match local address and clarify LOCAL keyword behaviour. Resolves: RHEL-23018 - libpam: support long lines in service files. Resolves: RHEL-5051

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates//pam-1.3.1-36.0.1.el8_10.src.rpm

x86_64

pam-1.3.1-36.0.1.el8_10.i686.rpm pam-1.3.1-36.0.1.el8_10.x86_64.rpm pam-devel-1.3.1-36.0.1.el8_10.i686.rpm pam-devel-1.3.1-36.0.1.el8_10.x86_64.rpm

aarch64

pam-1.3.1-36.0.1.el8_10.aarch64.rpm pam-devel-1.3.1-36.0.1.el8_10.aarch64.rpm

i386

Severity
Related CVEs: CVE-2024-10041 CVE-2024-10963

Related News