Updated PAM packages available.

Advisory:	RHSA-2000:120-04
Type:	Security Advisory
Severity:	N/A
Issued on:	2000-12-13
Last updated on:	2000-12-13
Affected Products:	Red Hat Linux 7.0
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2000-1189

Details

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser. Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow. These updates remove this vulnerability and fix various other
bugs.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 7.0

alpha:
ftp://updates.redhat.com/7.0/alpha/pam-0.72-37.alpha.rpm Missing file	`35b9f1e8b06a18f091fd7d9f4e61caa9`

i386:
ftp://updates.redhat.com/7.0/i386/pam-0.72-37.i386.rpm Missing file	`9357b4322e4b08e140e7a5a1558fef48`

Bugs fixed (see bugzilla for more information)

21467 - /etc/security/access.conf error in example

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1189
N/A

Keywords

PAM

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/