Description
Security update for pam
This update for pam fixes the following issues:
- CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920).
- If /etc/nologin is present, but empty, log a hint to syslog. (bsc#1015565)
- Added support for libowcrypt.so, if present, to configure support for BLOWFISH (bsc#1037824)
Package list
SUSE Linux Enterprise Desktop 12 SP1
pam-1.1.8-23.1
pam-32bit-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Desktop 12 SP2
pam-1.1.8-23.1
pam-32bit-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Server 12 SP1
pam-1.1.8-23.1
pam-32bit-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Server 12 SP2
pam-1.1.8-23.1
pam-32bit-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
pam-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
pam-1.1.8-23.1
pam-32bit-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
pam-1.1.8-23.1
pam-32bit-1.1.8-23.1
pam-doc-1.1.8-23.1
SUSE Linux Enterprise Software Development Kit 12 SP1
pam-devel-1.1.8-23.1
SUSE Linux Enterprise Software Development Kit 12 SP2
pam-devel-1.1.8-23.1
References
- Link for SUSE-SU-2017:1398-1
- E-Mail link for SUSE-SU-2017:1398-1
- SUSE Security Ratings
- SUSE Bug 1015565
- SUSE Bug 1037824
- SUSE Bug 934920
- SUSE CVE CVE-2015-3238 page
Description
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:pam-1.1.8-23.1
SUSE Linux Enterprise Desktop 12 SP1:pam-32bit-1.1.8-23.1
SUSE Linux Enterprise Desktop 12 SP1:pam-doc-1.1.8-23.1
SUSE Linux Enterprise Desktop 12 SP2:pam-1.1.8-23.1
References
- CVE-2015-3238
- SUSE Bug 1123794
- SUSE Bug 934920