Описание
ELSA-2024-10244: pam:1.5.1 security update (IMPORTANT)
[1.5.1-22.0.1]
- pam_access: clean up the remote host matching code [Orabug: 36771903]
- pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534]
[1.5.1-22]
- pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66245
[1.5.1-21]
- pam_unix: always run the helper to obtain shadow password file entries. CVE-2024-10041. Resolves: RHEL-62880
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
pam
1.5.1-22.0.1.el9_5
pam-devel
1.5.1-22.0.1.el9_5
pam-docs
1.5.1-22.0.1.el9_5
Oracle Linux x86_64
pam
1.5.1-22.0.1.el9_5
pam-devel
1.5.1-22.0.1.el9_5
pam-docs
1.5.1-22.0.1.el9_5
Связанные CVE
Связанные уязвимости
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
A flaw was found in pam_access, where certain rules in its configurati ...