Security Advisory Updated PAM packages available.

Advisory: RHSA-2000:120-04
Type: Security Advisory
Severity: N/A
Issued on: 2000-12-13
Last updated on: 2000-12-13
Affected Products: Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1189

Details

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser. Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow. These updates remove this vulnerability and fix various other
bugs.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 7.0

alpha:
ftp://updates.redhat.com/7.0/alpha/pam-0.72-37.alpha.rpm
Missing file
    35b9f1e8b06a18f091fd7d9f4e61caa9
 
i386:
ftp://updates.redhat.com/7.0/i386/pam-0.72-37.i386.rpm
Missing file
    9357b4322e4b08e140e7a5a1558fef48
 

Bugs fixed (see bugzilla for more information)

21467 - /etc/security/access.conf error in example


References


Keywords

PAM


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/