Skip to navigation

Bug Fix Advisory pam bug fix and enhancement update

Advisory: RHBA-2011:0685-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-05-19
Last updated on: 2011-05-19
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated pam packages that fix bugs and add enhancements are now available.

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

These updated pam packages fix the following bugs:

* When the pam packages were updated, the /var/log/tallylog and
/var/log/faillog files were overwritten with empty files because of
an incorrect condition check in the %post script. This has been
corrected, and PAM no longer attempts to overwrite tallylog and
faillog files when they exist prior to update. (BZ#614766)

* A code review revealed several small memory leaks and improperly
handled error paths in pam_namespace, pam_selinux, pam_limits,
pam_pwhistory, pam_time, and pam_group modules. These issues have
been corrected. (BZ#679069)

These updated packages also provide the following enhancements:

* The pam_limits module, which sets resource limits for processes,
now supports matching individual and ranges of user and group
identifiers in its limits.conf configuration file. (BZ#622847)

* A new pam_faillock module was added to support temporary locking of
user accounts in the event of multiple failed authentication
attempts. This new module improves functionality over the existing
pam_tally2 module, as it also allows temporary locking when the
authentication attempts are done over a screen saver. (BZ#644971)

* The audit records provided by the pam_selinux and pam_tally2
modules have been improved to include tty and remote hostname
information in each recorded event. (BZ#677664)

All pam users are advised to upgrade to these updated packages, which resolve
these issues and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
pam-1.1.1-8.el6.src.rpm
File outdated by:  RHEA-2013:1734
    MD5: 9c1907775b50022f6b2baf07d1d1d63a
SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
 
IA-32:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
 
x86_64:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 3ad1096b5af88de45b8ff2e79d6ab087
SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 37d1b1da56c420bc7888a7627315cfa4
SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 912232cc232bfa48180b9b4af238d7aa
SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
pam-1.1.1-8.el6.src.rpm
File outdated by:  RHEA-2013:1734
    MD5: 9c1907775b50022f6b2baf07d1d1d63a
SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
 
x86_64:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 3ad1096b5af88de45b8ff2e79d6ab087
SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 37d1b1da56c420bc7888a7627315cfa4
SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 912232cc232bfa48180b9b4af238d7aa
SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
pam-1.1.1-8.el6.src.rpm
File outdated by:  RHEA-2013:1734
    MD5: 9c1907775b50022f6b2baf07d1d1d63a
SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
 
IA-32:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
 
PPC:
pam-1.1.1-8.el6.ppc.rpm
File outdated by:  RHEA-2013:1734
    MD5: b5fcf75cf58cb77fed35bc7b75c30aac
SHA-256: 82cca64e5eb62023db2dccf62edb8f969d36cebb47baa07734308ddc3fb1e9dd
pam-1.1.1-8.el6.ppc64.rpm
File outdated by:  RHEA-2013:1734
    MD5: c1c452f7436d89d3c5aea601088325be
SHA-256: febc5fbf8d3903cb60c307d0ca1d869bb9d3c6a41adc8f0b09566efbe748b8f9
pam-debuginfo-1.1.1-8.el6.ppc.rpm
File outdated by:  RHEA-2013:1734
    MD5: 87ef786e07bc03c756ef0c296db7383f
SHA-256: d7e8089991d2d7d9d562d53b3450577ad239219e09367fcdbac91df1a25037c2
pam-debuginfo-1.1.1-8.el6.ppc64.rpm
File outdated by:  RHEA-2013:1734
    MD5: cce8f9eeb807f2b84f6b410db602309c
SHA-256: 109c2f320decf3d081862c7b9fadae6b759ddfb79b7c09be85037aa6b91a5b29
pam-devel-1.1.1-8.el6.ppc.rpm
File outdated by:  RHEA-2013:1734
    MD5: 6bdd241fdb459d7c1bfd4ec70c03b01b
SHA-256: 19b99928da51c90c81b8219c2ceab2af4aa8d11c688600cf0bd695034e931c80
pam-devel-1.1.1-8.el6.ppc64.rpm
File outdated by:  RHEA-2013:1734
    MD5: ae2c93516ed6d59743170291399265ca
SHA-256: 125e8eae0f28b822254057f2f7dff6700288ad81200536dc23319939345d5631
 
s390x:
pam-1.1.1-8.el6.s390.rpm
File outdated by:  RHEA-2013:1734
    MD5: f690f88cf217b3ea885d3a94c696da45
SHA-256: 4b6e96764a7ec4c29050d9cf78b70e2b282dea5df5f867e22d67ba6bff071cc4
pam-1.1.1-8.el6.s390x.rpm
File outdated by:  RHEA-2013:1734
    MD5: c104c4f7427054f55c58c8bd11a4392b
SHA-256: 28d7458ce91bd18a6a61e09b56454ca6dcb3c440cf64067929358d9b5397e9b5
pam-debuginfo-1.1.1-8.el6.s390.rpm
File outdated by:  RHEA-2013:1734
    MD5: c55e75a989a6c45d12d4f13f6f262fd9
SHA-256: b45311f20ce4b0d88a6eddd3322f07c5738a2b682c37bac07cb531e8d184807f
pam-debuginfo-1.1.1-8.el6.s390x.rpm
File outdated by:  RHEA-2013:1734
    MD5: a47206cc8c051a69d4fb8e793f380cef
SHA-256: 8795fb5b4e851e0f07eb4121ce2440e4665a99ef2c28a49e431142756631d0bd
pam-devel-1.1.1-8.el6.s390.rpm
File outdated by:  RHEA-2013:1734
    MD5: 6dc492a2045bb82fe5cc918af893b3b9
SHA-256: 3db31d4dac383df2f5a3645063775def12c660f0e40d525b44c4c547814b98b4
pam-devel-1.1.1-8.el6.s390x.rpm
File outdated by:  RHEA-2013:1734
    MD5: 186301b3c1c1ecb28ff1ce4086ad8b54
SHA-256: 5903fd466d21d152f001282ca922ed70301e88d133e0d823cc0a1f81c7244b7b
 
x86_64:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 3ad1096b5af88de45b8ff2e79d6ab087
SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 37d1b1da56c420bc7888a7627315cfa4
SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 912232cc232bfa48180b9b4af238d7aa
SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
pam-1.1.1-8.el6.src.rpm
File outdated by:  RHEA-2013:1734
    MD5: 9c1907775b50022f6b2baf07d1d1d63a
SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
 
IA-32:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
 
x86_64:
pam-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: ec1332519c2ad0e2b7155b3955aa9f2a
SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 3ad1096b5af88de45b8ff2e79d6ab087
SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: 43a6e034f5ffe592317f3e2a6e71f667
SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 37d1b1da56c420bc7888a7627315cfa4
SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm
File outdated by:  RHEA-2013:1734
    MD5: a8e35dfb4f9ba925049be68b28143a0f
SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm
File outdated by:  RHEA-2013:1734
    MD5: 912232cc232bfa48180b9b4af238d7aa
SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

614766 - PAM truncates /var/log/faillog on upgrade
677664 - pam USER_ROLE_CHANGE audit events missing some info


Keywords

audit, fail, faillock, leak, locking, rhost, screensaver, tallylog, tty


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/