Описание
ELSA-2024-3163: pam security update (MODERATE)
[1.3.1-33]
- pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21242
[1.3.1-32]
- pam_access: handle hostnames in access.conf. Resolves: RHEL-3374
[1.3.1-31]
- pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-19810
[1.3.1-30]
- pam_unix: enable bcrypt. Resolves: RHEL-5057
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
pam
1.3.1-33.el8
pam-devel
1.3.1-33.el8
Oracle Linux x86_64
pam
1.3.1-33.el8
pam-devel
1.3.1-33.el8
Связанные CVE
Связанные уязвимости
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...