Skip to navigation

Security Advisory Updated PAM packages available.

Advisory: RHSA-2000:120-04
Type: Security Advisory
Severity: N/A
Issued on: 2000-12-13
Last updated on: 2000-12-13
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux Enterprise Edition
CVEs (cve.mitre.org): CVE-2000-1189

Details

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser. Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow. These updates remove this vulnerability and fix various other
bugs.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-20.6.x/SRPMS/pam-0.72-20.6.x.src.rpm
Missing file
    MD5: bb1b95b6ecb575cf661829f88e204a3e
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-20.6.x/alpha/pam-0.72-20.6.x.alpha.rpm
Missing file
    MD5: 7ea244b2447e4857421dd1a65ba966aa
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-20.6.x/i386/pam-0.72-20.6.x.i386.rpm
Missing file
    MD5: e826a8c60ee167d70f33ef117d0c3742
 
Sparc:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-20.6.x/sparc/pam-0.72-20.6.x.sparc.rpm
Missing file
    MD5: 818881ffe3d0fd6912b06fa17f09416c
 
Red Hat Linux 7.0

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-37/SRPMS/pam-0.72-37.src.rpm
Missing file
    MD5: 9cb817f5daf291feeae03ea10b97f42b
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-37/alpha/pam-0.72-37.alpha.rpm
Missing file
    MD5: 35b9f1e8b06a18f091fd7d9f4e61caa9
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.72-37/i386/pam-0.72-37.i386.rpm
Missing file
    MD5: 9357b4322e4b08e140e7a5a1558fef48
 

Bugs fixed (see bugzilla for more information)

21467 - /etc/security/access.conf error in example


References


Keywords

PAM


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/