` 

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated PAM packages available.
Advisory ID:       RHSA-2000:120-04
Issue date:        2000-11-29
Updated on:        2000-12-01
Product:           Red Hat Linux
Keywords:          PAM
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
Red Hat Linux 7.0 - i386, alpha
Red Hat Linux 7.0J - i386, alpha

3. Problem description:

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser.  Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow.  These updates remove this vulnerability and fix various other
bugs.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  ( for more info):

14740 - pam_cracklib: 'similiar()' broken
16456 - files missing from pam-0.72-20
18055 - Passwords can't be changed
20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers21467 - /etc/security/access.conf error in example


6. RPMs required:

Red Hat Linux 6.0:

sparc: 

i386: 

alpha: 

sources: 

Red Hat Linux 6.1:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 6.2:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 7.0:

alpha: 

i386: 

sources: 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
bb1b95b6ecb575cf661829f88e204a3e  6.0/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.0/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.0/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.0/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.1/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.1/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.1/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.1/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.2/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.2/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.2/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.2/sparc/pam-0.72-20.6.x.sparc.rpm
9cb817f5daf291feeae03ea10b97f42b  7.0/SRPMS/pam-0.72-37.src.rpm
35b9f1e8b06a18f091fd7d9f4e61caa9  7.0/alpha/pam-0.72-37.alpha.rpm
9357b4322e4b08e140e7a5a1558fef48  7.0/i386/pam-0.72-37.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.
`

Redhat: 'pam' update

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

Summary



Summary

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x bothincluded a new module, pam_localuser. Although this module is not used inany default configurations, the version included was vulnerable to a bufferoverflow. These updates remove this vulnerability and fix various otherbugs.


Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed ( for more info):
14740 - pam_cracklib: 'similiar()' broken 16456 - files missing from pam-0.72-20 18055 - Passwords can't be changed 20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers21467 - /etc/security/access.conf error in example

6. RPMs required:
Red Hat Linux 6.0:
sparc:
i386:
alpha:
sources:
Red Hat Linux 6.1:
alpha:
sparc:
i386:
sources:
Red Hat Linux 6.2:
alpha:
sparc:
i386:
sources:
Red Hat Linux 7.0:
alpha:
i386:
sources:
7. Verification:
MD5 sum Package Name bb1b95b6ecb575cf661829f88e204a3e 6.0/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.0/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.0/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.0/sparc/pam-0.72-20.6.x.sparc.rpm bb1b95b6ecb575cf661829f88e204a3e 6.1/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.1/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.1/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.1/sparc/pam-0.72-20.6.x.sparc.rpm bb1b95b6ecb575cf661829f88e204a3e 6.2/SRPMS/pam-0.72-20.6.x.src.rpm 7ea244b2447e4857421dd1a65ba966aa 6.2/alpha/pam-0.72-20.6.x.alpha.rpm e826a8c60ee167d70f33ef117d0c3742 6.2/i386/pam-0.72-20.6.x.i386.rpm 818881ffe3d0fd6912b06fa17f09416c 6.2/sparc/pam-0.72-20.6.x.sparc.rpm 9cb817f5daf291feeae03ea10b97f42b 7.0/SRPMS/pam-0.72-37.src.rpm 35b9f1e8b06a18f091fd7d9f4e61caa9 7.0/alpha/pam-0.72-37.alpha.rpm 9357b4322e4b08e140e7a5a1558fef48 7.0/i386/pam-0.72-37.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

N/A Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
Advisory ID: RHSA-2000:120-04
Issued Date: : 2000-11-29
Updated on: 2000-12-01
Product: Red Hat Linux
Keywords: PAM
Cross references: N/A

Topic


Topic

Updated PAM packages are now available for Red Hat Linux 6.x and 7.


 

Relevant Releases Architectures

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2EE - i386, alpha, sparc

Red Hat Linux 7.0 - i386, alpha

Red Hat Linux 7.0J - i386, alpha


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved