Description
ELSA-2024-10379: pam security update (IMPORTANT)
[1.3.1-36.0.1]
- pam_limits: fix use after free in pam_sm_open_session [Orabug: 36272695]
[1.3.1-36]
- pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66242
[1.3.1-35]
- pam_unix: always run the helper to obtain shadow password file entries. CVE-2024-10041. Resolves: RHEL-62877
- pam_access: always match local address and clarify LOCAL keyword behaviour. Resolves: RHEL-23018
- libpam: support long lines in service files. Resolves: RHEL-5051
Updated packages
Oracle Linux 8
Oracle Linux aarch64
pam 1.3.1-36.0.1.el8_10
pam-devel 1.3.1-36.0.1.el8_10
Oracle Linux x86_64
pam 1.3.1-36.0.1.el8_10
pam-devel 1.3.1-36.0.1.el8_10
Related CVEs
Related vulnerabilities
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.