- Issued:
- 2008-07-24
- Updated:
- 2008-07-24
RHBA-2008:0707 - Bug Fix Advisory
Synopsis
pam bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated pam packages that fix several bugs and add an enhancement are now
available.
Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies, without having to
recompile programs that handle authentication.
These updated packages fix the following bugs:
- the pam_time module always failed when tty was not set by the calling
service. For example, it was not possible to use the pam_time module with
the vsftpd service. In these updated packages, pam_time sets tty to '""'
when it is not set by the service, which resolves this issue.
- on 64-bit architectures, incorrect data was read from lastlog, causing
ctime to return "NULL". This resulted in the pam_lastlog module causing
a segmentation fault. In these updated packages, the correct data is read
from lastlog, which resolves this issue.
- when tty was not set by the calling service, the pam_access module did
not match the "LOCAL" keyword in "/etc/security/access.conf". In these
situations, access was denied, instead of permitted.
- "security/pam_appl.h" did not define "PAM_AUTHTOK_RECOVERY_ERR".
As well, glibc now allows SHA-256 and SHA-512 password hashes. As such,
pam has been updated to support the SHA-256 and SHA-512 hashes in
"/etc/passwd" and "/etc/shadow".
Users of pam are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 308651 - pam_stack.so service=system-auth behaving differently compared to explicit setting of configuration
- BZ - 371391 - Including <security/pam_appl.h> should define PAM_AUTHTOK_RECOVERY_ERR
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
pam-0.77-66.25.src.rpm | SHA-256: ca70f5f089a30c72da0a45be0406d0d691734e768c6a7934e80a6c6676bd9939 |
x86_64 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.x86_64.rpm | SHA-256: cadc81e17e21a64fed594d3b9a6723327acb224780a3eec75319236717682468 |
pam-0.77-66.25.x86_64.rpm | SHA-256: cadc81e17e21a64fed594d3b9a6723327acb224780a3eec75319236717682468 |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
pam-devel-0.77-66.25.x86_64.rpm | SHA-256: 77d649dc5a9fd45069218d7b7c30edf8542391444999debcadb97c6200f8fee0 |
pam-devel-0.77-66.25.x86_64.rpm | SHA-256: 77d649dc5a9fd45069218d7b7c30edf8542391444999debcadb97c6200f8fee0 |
ia64 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.ia64.rpm | SHA-256: 27425f20d8915ceed796fa08eac2b658b5a0fafddf7b0b2631b340fc7453c89e |
pam-0.77-66.25.ia64.rpm | SHA-256: 27425f20d8915ceed796fa08eac2b658b5a0fafddf7b0b2631b340fc7453c89e |
pam-devel-0.77-66.25.ia64.rpm | SHA-256: ef7f2184e585fe7ae0fb6508f62c4a0e0b2687de912e945760abcf6380a0ce1e |
pam-devel-0.77-66.25.ia64.rpm | SHA-256: ef7f2184e585fe7ae0fb6508f62c4a0e0b2687de912e945760abcf6380a0ce1e |
i386 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
pam-0.77-66.25.src.rpm | SHA-256: ca70f5f089a30c72da0a45be0406d0d691734e768c6a7934e80a6c6676bd9939 |
x86_64 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.x86_64.rpm | SHA-256: cadc81e17e21a64fed594d3b9a6723327acb224780a3eec75319236717682468 |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
pam-devel-0.77-66.25.x86_64.rpm | SHA-256: 77d649dc5a9fd45069218d7b7c30edf8542391444999debcadb97c6200f8fee0 |
ia64 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.ia64.rpm | SHA-256: 27425f20d8915ceed796fa08eac2b658b5a0fafddf7b0b2631b340fc7453c89e |
pam-devel-0.77-66.25.ia64.rpm | SHA-256: ef7f2184e585fe7ae0fb6508f62c4a0e0b2687de912e945760abcf6380a0ce1e |
i386 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
pam-0.77-66.25.src.rpm | SHA-256: ca70f5f089a30c72da0a45be0406d0d691734e768c6a7934e80a6c6676bd9939 |
x86_64 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-0.77-66.25.x86_64.rpm | SHA-256: cadc81e17e21a64fed594d3b9a6723327acb224780a3eec75319236717682468 |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
pam-devel-0.77-66.25.x86_64.rpm | SHA-256: 77d649dc5a9fd45069218d7b7c30edf8542391444999debcadb97c6200f8fee0 |
i386 | |
pam-0.77-66.25.i386.rpm | SHA-256: 45fb61cf8f93f1b0eff58985e1f12ef117cc2ba218b32f2b107b8e2e075d2d20 |
pam-devel-0.77-66.25.i386.rpm | SHA-256: 167ac2a8d3173a406d0e332c2a23717fabe0b423f492933e9a05cd913f2b165f |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
pam-0.77-66.25.src.rpm | SHA-256: ca70f5f089a30c72da0a45be0406d0d691734e768c6a7934e80a6c6676bd9939 |
s390x | |
pam-0.77-66.25.s390.rpm | SHA-256: 50d6bfa0c22a88631f84f5cd7b74aaaa47a51de659f6695e2c4fe160b589c6ff |
pam-0.77-66.25.s390x.rpm | SHA-256: fe309f3770ded0b4398e5b21385c1e5b64f30a7278dd84abfd0bd53ec00ddbc0 |
pam-devel-0.77-66.25.s390.rpm | SHA-256: f12d1b6837e0862536d0a61abeacfdb398a997932be96a04960ea852e820f351 |
pam-devel-0.77-66.25.s390x.rpm | SHA-256: df9a0f2971986f9b42bd2d2957f6c2d938ccfd195a0ca48c53676be2bf6df2d3 |
s390 | |
pam-0.77-66.25.s390.rpm | SHA-256: 50d6bfa0c22a88631f84f5cd7b74aaaa47a51de659f6695e2c4fe160b589c6ff |
pam-devel-0.77-66.25.s390.rpm | SHA-256: f12d1b6837e0862536d0a61abeacfdb398a997932be96a04960ea852e820f351 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
pam-0.77-66.25.src.rpm | SHA-256: ca70f5f089a30c72da0a45be0406d0d691734e768c6a7934e80a6c6676bd9939 |
ppc | |
pam-0.77-66.25.ppc.rpm | SHA-256: eb8db6d49bdee4821fbdadbc3aa12d1d3e18001a54bc8bf8a16a55fd49657478 |
pam-0.77-66.25.ppc64.rpm | SHA-256: acf94783b49e4c6c956128967e3356dbb9c795100953b982706f1fae9cf49ae9 |
pam-devel-0.77-66.25.ppc.rpm | SHA-256: 74763f74557dbacdce1bbf36a28505c157a7a46c6974bbae724cf84b21ddfc07 |
pam-devel-0.77-66.25.ppc64.rpm | SHA-256: fdfec850486be6df250a241692ab1a0b4097e33cc71b5bc1633efdd3878ee0f0 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.