Bug Fix Advisory: pam bug fix and enhancement update

Advisory: RHBA-2008:0707-4
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2008-07-24
Last updated on: 2008-07-24
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A

Details

Updated pam packages that fix several bugs and add an enhancement are now
available.

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies, without having to
recompile programs that handle authentication.

These updated packages fix the following bugs:

* the pam_time module always failed when tty was not set by the calling
service. For example, it was not possible to use the pam_time module with
the vsftpd service. In these updated packages, pam_time sets tty to an
empty string ("") when it is not set by the service, which resolves this
issue.

* on 64-bit architectures, incorrect data was read from lastlog, causing
ctime to return "NULL". This resulted in the pam_lastlog module causing
a segmentation fault. In these updated packages, the correct data is read
from lastlog, which resolves this issue.

* when tty was not set by the calling service, the pam_access module did
not match the "LOCAL" keyword in "/etc/security/access.conf". In these
situations, access was denied, instead of permitted.

* "security/pam_appl.h" did not define "PAM_AUTHTOK_RECOVERY_ERR".

In addition, glibc now allows SHA-256 and SHA-512 password hashes.
Accordingly, pam has been updated to support SHA-256 and SHA-512 hashes in
"/etc/passwd" and "/etc/shadow".

Users of pam are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement.
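
With SHA-256 and SHA-512 hashes now accepted in "/etc/passwd" and "/etc/shadow", an administrator may want to see which accounts still carry older hash formats. The following is an added example, not part of the advisory or of the pam packages: it classifies password fields by their crypt(3) prefix ($1$ MD5, $5$ SHA-256, $6$ SHA-512). The function names are hypothetical and the sample entries are constructed placeholders, not real hashes.

```python
import re

# crypt(3) modular-format ids: $1$ MD5, $5$ SHA-256, $6$ SHA-512.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional DES crypt
WEAK = {"des", "md5", "empty"}

# Constructed sample in shadow(5) format; salts and hashes are placeholders.
SAMPLE = """\
alice:$6$SALTSALT$PLACEHOLDERHASH:14000:0:99999:7:::
bob:$1$SALTSALT$PLACEHOLDERHASH:14000:0:99999:7:::
carol:!$5$rounds=5000$SALTSALT$PLACEHOLDERHASH:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
dave:aaBBccDDeeFF0:14000:0:99999:7:::
eve::14000:0:99999:7:::
"""

def classify(field):
    """Return (scheme, locked) for one password field."""
    if field == "":
        return ("empty", False)           # account needs no password
    locked = field.startswith("!")        # '!' prefix marks a locked password
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("no-password-login", locked)
    if body == "x":
        return ("shadowed", locked)       # /etc/passwd entry deferring to shadow
    if body.startswith("$"):
        parts = body.split("$")           # ['', id, [rounds=N,] salt, hash]
        if len(parts) >= 4:
            return (SCHEMES.get(parts[1], "unknown"), locked)
        return ("unknown", locked)
    return ("des" if DES_RE.match(body) else "unknown", locked)

def audit(text):
    """Map user -> (scheme, locked) for every entry in passwd/shadow text."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            result[fields[0]] = classify(fields[1])
    return result

def weak_accounts(text):
    """Users whose entry is DES, MD5 or empty, in file order."""
    return [u for u, (s, _) in audit(text).items() if s in WEAK]

if __name__ == "__main__":
    for user, (scheme, locked) in audit(SAMPLE).items():
        print(f"{user:8} {scheme:18} {'locked' if locked else ''}")
```

To audit a live system, pass the contents of "/etc/shadow" (read as root) to audit() in place of SAMPLE.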


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
pam-0.77-66.25.src.rpm     3bae7038da455ecd71426593ad0dc7d2
 
IA-32:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
 
x86_64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.x86_64.rpm     c7dd7b4933b96e5066c4bbcef32a6e2c
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
pam-devel-0.77-66.25.x86_64.rpm     37ae6ca5d8e887e7221515ee6638bc7b
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
pam-0.77-66.25.src.rpm     3bae7038da455ecd71426593ad0dc7d2
 
IA-32:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
 
IA-64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.ia64.rpm     e7ed6c30cd69d57517fed5a09ab6ce5a
pam-devel-0.77-66.25.ia64.rpm     4c0988effd8330d941f740fa0ca2b125
 
PPC:
pam-0.77-66.25.ppc.rpm     49b717ba659ada66c6e6101647105544
pam-0.77-66.25.ppc64.rpm     e11545bc156dd04a2ca476792395cb86
pam-devel-0.77-66.25.ppc.rpm     ba183501c0f1c1b68bc5a26683febec4
pam-devel-0.77-66.25.ppc64.rpm     9fc7ec42cc4bbc5f058ca8e79ee54689
 
s390:
pam-0.77-66.25.s390.rpm     6a61640212fcbe46f6859639de01892e
pam-devel-0.77-66.25.s390.rpm     f70ddf0fa63dd4df003c33292b9873fa
 
s390x:
pam-0.77-66.25.s390.rpm     6a61640212fcbe46f6859639de01892e
pam-0.77-66.25.s390x.rpm     5d129a701060f961cf090b0a6975fe4b
pam-devel-0.77-66.25.s390.rpm     f70ddf0fa63dd4df003c33292b9873fa
pam-devel-0.77-66.25.s390x.rpm     9636793196b87479c6166200076ed310
 
x86_64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.x86_64.rpm     c7dd7b4933b96e5066c4bbcef32a6e2c
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
pam-devel-0.77-66.25.x86_64.rpm     37ae6ca5d8e887e7221515ee6638bc7b
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
pam-0.77-66.25.src.rpm     3bae7038da455ecd71426593ad0dc7d2
 
IA-32:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
 
IA-64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.ia64.rpm     e7ed6c30cd69d57517fed5a09ab6ce5a
pam-devel-0.77-66.25.ia64.rpm     4c0988effd8330d941f740fa0ca2b125
 
x86_64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.x86_64.rpm     c7dd7b4933b96e5066c4bbcef32a6e2c
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
pam-devel-0.77-66.25.x86_64.rpm     37ae6ca5d8e887e7221515ee6638bc7b
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
pam-0.77-66.25.src.rpm     3bae7038da455ecd71426593ad0dc7d2
 
IA-32:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
 
IA-64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.ia64.rpm     e7ed6c30cd69d57517fed5a09ab6ce5a
pam-devel-0.77-66.25.ia64.rpm     4c0988effd8330d941f740fa0ca2b125
 
x86_64:
pam-0.77-66.25.i386.rpm     1dbbbee567cc25d2a4543180007b7f3e
pam-0.77-66.25.x86_64.rpm     c7dd7b4933b96e5066c4bbcef32a6e2c
pam-devel-0.77-66.25.i386.rpm     a7c1e1641cacd1f72b79a30d3ce8cc8d
pam-devel-0.77-66.25.x86_64.rpm     37ae6ca5d8e887e7221515ee6638bc7b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

308651 - pam_stack.so service=system-auth behaving differently compared to explicit setting of configuration
371391 - Including <security/pam_appl.h> should define PAM_AUTHTOK_RECOVERY_ERR


Keywords

access, hash, password, sha256, sha512, time, tty


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/