pam-1.3.1-33.el8
エラータID: AXSA:2024-8171:02
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* pam: allowing unprivileged user to block another user namespace (CVE-2024-22365)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.
CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Update packages.
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
N/A
SRPMS
- pam-1.3.1-33.el8.src.rpm
MD5: ca4d7e6be06a5376423b357464e48059
SHA-256: b3f2466209ba0eed01e58b31c2a6b177dccc167bdb5d0f9405c55db1e4522890
Size: 1.10 MB
Asianux Server 8 for x86_64
- pam-1.3.1-33.el8.i686.rpm
MD5: 6d077d902faa1b0aac3969f161d827b4
SHA-256: acf1928b82da96fce57a7179707b8fcc8f671b04e88356ebb127ac2130b3be07
Size: 766.03 kB - pam-1.3.1-33.el8.x86_64.rpm
MD5: f10bd195066a93294223c74333d93bc9
SHA-256: dd9813ba97e2a6e645ad7005a25638dad55600d2e1163105172affd99f4d2406
Size: 745.33 kB - pam-devel-1.3.1-33.el8.i686.rpm
MD5: 81f84c9fdca783246ff5a7ce73484ed7
SHA-256: 302ddd206749e3f283b342f5a9feeac993e4d1e6be4f0d899136b6a97aedfbc9
Size: 210.50 kB - pam-devel-1.3.1-33.el8.x86_64.rpm
MD5: 9e96e14e93fb9c96d28946fe856b944e
SHA-256: f786dd27603e31c6da1afaaed0358a634611135086c3cf506fca9436876b0a49
Size: 210.49 kB
日本語