pam-1.5.1-21.el9_5

エラータID: AXSA:2024-9471:07

Release date: 
Tuesday, December 24, 2024 - 12:57
Subject: 
pam-1.5.1-21.el9_5
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.

Security Fix(es):

* pam: libpam: Libpam vulnerable to read hashed password (CVE-2024-10041)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Solution: 

Update packages.

CVEs: 
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Additional Info: 

N/A

Download: 

SRPMS
  1. pam-1.5.1-21.el9_5.src.rpm
    MD5: b105bfa8bffdc77a82cec0274f5d373c
    SHA-256: a155ec30eb7b5b767c8b507248b1600dc26433c3dcd492a0b758b1830a5f05fe
    Size: 1.06 MB

Asianux Server 9 for x86_64
  1. pam-1.5.1-21.el9_5.i686.rpm
    MD5: b0056264996e0528627455f9bd641c16
    SHA-256: 041b62fa7a8e4510dae9cf29db8937f86214cde4a1cf3bb9f1e41509b4c2ccf5
    Size: 623.25 kB
  2. pam-1.5.1-21.el9_5.x86_64.rpm
    MD5: 88efb7c48555048cffedd483051a3577
    SHA-256: 7c6ba0c202574b62e57665aa9139511f33abf2d1fe1c2890ac2234bbc2f2db63
    Size: 601.64 kB
  3. pam-devel-1.5.1-21.el9_5.i686.rpm
    MD5: 912eee30aa08add6c9ccc5a2f0bb60e0
    SHA-256: 3474397a8c33c5c4f6c909cf4aba5413efc8c8fab33f5cd0c0f1302a1d0df43e
    Size: 163.52 kB
  4. pam-devel-1.5.1-21.el9_5.x86_64.rpm
    MD5: fd09a77e0b786229a6aa140f58fdb947
    SHA-256: 832e21ac8e237623f57d832ae326af162bde0f27e4e202c819aed933c50af5de
    Size: 163.53 kB
  5. pam-docs-1.5.1-21.el9_5.x86_64.rpm
    MD5: c24988fe838025a1f75c7e9c647993e4
    SHA-256: 2dc8e834808c694dc6cc0c0675ab138c4bac5f2a5a1bd469743c55ab6f74ab26
    Size: 129.00 kB