Skip to navigation

Security Advisory Moderate: pam security and bug fix update

Advisory: RHSA-2007:0465-5
Type: Security Advisory
Severity: Moderate
Issued on: 2007-06-11
Last updated on: 2007-06-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0813
CVE-2007-1716

Details

Updated pam packages that resolves several bugs and security flaws are now
available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

A flaw was found in the way the Linux kernel handled certain SG_IO
commands. Console users with access to certain device files had the ability
to damage recordable CD drives. The way pam_console handled permissions of
these files has been modified to disallow access. This change also required
modifications to the cdrecord application. (CVE-2004-0813)

A flaw was found in the way pam_console set console device permissions. It
was possible for various console devices to retain ownership of the console
user after logging out, possibly leaking information to an unauthorized
user. (CVE-2007-1716)

The pam_unix module provides authentication against standard /etc/passwd
and /etc/shadow files. The pam_stack module provides support for stacking
PAM configuration files. Both of these modules contained small memory leaks
which caused problems in applications calling PAM authentication repeatedly
in the same process.

All users of PAM should upgrade to these updated packages, which resolve
these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/cdrtools/2.01.0.a32-0.EL3.6/SRPMS/cdrtools-2.01.0.a32-0.EL3.6.src.rpm
Missing file
    MD5: 6b6e97e1866d9eb341c614dcf899fb6c
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/SRPMS/pam-0.75-72.src.rpm
Missing file
    MD5: 71809b6310ee4e91cc2da3476590e7c9
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/i386/cdrecord-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: e9d24a7dba0d8e043ee950331def7ff5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/i386/cdrecord-devel-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: ce1f5cbc21982b29d308bf77cce71173
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/i386/mkisofs-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: 98403be931f5c9e93cc2a05e6d2bc71a
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/x86_64/cdrecord-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 191fc705418c09cd9161d7ef9521fbf5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/x86_64/cdrecord-devel-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: d8d656fbc1abb108043436080d5ab889
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/x86_64/mkisofs-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 4c082f400f8b0158d67e11070b7bbfd3
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/x86_64/pam-0.75-72.x86_64.rpm
Missing file
    MD5: cc1cf99261e2f74db161cd06227db7ae
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/x86_64/pam-devel-0.75-72.x86_64.rpm
Missing file
    MD5: f112024d3f7615c21cc611b979da0e9a
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/cdrtools/2.01.0.a32-0.EL3.6/SRPMS/cdrtools-2.01.0.a32-0.EL3.6.src.rpm
Missing file
    MD5: 6b6e97e1866d9eb341c614dcf899fb6c
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/SRPMS/pam-0.75-72.src.rpm
Missing file
    MD5: 71809b6310ee4e91cc2da3476590e7c9
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/i386/cdrecord-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: e9d24a7dba0d8e043ee950331def7ff5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/i386/cdrecord-devel-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: ce1f5cbc21982b29d308bf77cce71173
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/i386/mkisofs-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: 98403be931f5c9e93cc2a05e6d2bc71a
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/ia64/cdrecord-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: b5b3c543aace890c586fed62a48053d9
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/ia64/cdrecord-devel-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: 59beda52788b755833d4fedaa11d8d83
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/ia64/mkisofs-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: 489f4000bf9795ebc2955b12b32e2745
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/ia64/pam-0.75-72.ia64.rpm
Missing file
    MD5: 62d7cbe8f6ef8f8b63e8ab5edca67868
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/ia64/pam-devel-0.75-72.ia64.rpm
Missing file
    MD5: e9c498359b75436e0119c49a7913e942
 
PPC:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/ppc/cdrecord-2.01.0.a32-0.EL3.6.ppc.rpm
Missing file
    MD5: c5001af180c662e751c493714f84ac48
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/ppc/cdrecord-devel-2.01.0.a32-0.EL3.6.ppc.rpm
Missing file
    MD5: dfe05cc005c16d036e620042ea2f3df7
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/ppc/mkisofs-2.01.0.a32-0.EL3.6.ppc.rpm
Missing file
    MD5: 615d142e2b86623ac2878edc00661630
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/ppc/pam-0.75-72.ppc.rpm
Missing file
    MD5: 86d8e1f81dbd01e53473865b0f4f8ac4
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/ppc64/pam-0.75-72.ppc64.rpm
Missing file
    MD5: 6d5e0f1b96c7e5b3b2ed6fc9dcc4ba6a
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/ppc/pam-devel-0.75-72.ppc.rpm
Missing file
    MD5: 380293efcc31a6eea3f7ec81e0b6b3f1
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/ppc64/pam-devel-0.75-72.ppc64.rpm
Missing file
    MD5: c7da4e076c6eb3b36a11a8af32ef3f2c
 
s390:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/s390/cdrecord-2.01.0.a32-0.EL3.6.s390.rpm
Missing file
    MD5: c3956d9c866132a21936b2e4eaba7005
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/s390/cdrecord-devel-2.01.0.a32-0.EL3.6.s390.rpm
Missing file
    MD5: a6d9801473e97208ef9dcee45a1ddedd
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/s390/mkisofs-2.01.0.a32-0.EL3.6.s390.rpm
Missing file
    MD5: 0fbac0778936ed75c5533d70b5c39b48
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/s390/pam-0.75-72.s390.rpm
Missing file
    MD5: 5e6f17c5805cb66d243ecac33d2a003a
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/s390/pam-devel-0.75-72.s390.rpm
Missing file
    MD5: d22bcf925414089e9251f0640fe9f2c3
 
s390x:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/s390x/cdrecord-2.01.0.a32-0.EL3.6.s390x.rpm
Missing file
    MD5: 641820c318c2f9a55424afad603e8327
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/s390x/cdrecord-devel-2.01.0.a32-0.EL3.6.s390x.rpm
Missing file
    MD5: ddf0a35610e07743b7b71df3de914215
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/s390x/mkisofs-2.01.0.a32-0.EL3.6.s390x.rpm
Missing file
    MD5: 6b4530f27638047c77b18996cfd51ef6
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/s390/pam-0.75-72.s390.rpm
Missing file
    MD5: 5e6f17c5805cb66d243ecac33d2a003a
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/s390x/pam-0.75-72.s390x.rpm
Missing file
    MD5: 38c2811f19775bc30cfa14bf704d1170
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/s390/pam-devel-0.75-72.s390.rpm
Missing file
    MD5: d22bcf925414089e9251f0640fe9f2c3
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/s390x/pam-devel-0.75-72.s390x.rpm
Missing file
    MD5: 2e4f5ace3c4b74f2a9e80458ee505978
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/x86_64/cdrecord-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 191fc705418c09cd9161d7ef9521fbf5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/x86_64/cdrecord-devel-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: d8d656fbc1abb108043436080d5ab889
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/x86_64/mkisofs-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 4c082f400f8b0158d67e11070b7bbfd3
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/x86_64/pam-0.75-72.x86_64.rpm
Missing file
    MD5: cc1cf99261e2f74db161cd06227db7ae
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/x86_64/pam-devel-0.75-72.x86_64.rpm
Missing file
    MD5: f112024d3f7615c21cc611b979da0e9a
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/cdrtools/2.01.0.a32-0.EL3.6/SRPMS/cdrtools-2.01.0.a32-0.EL3.6.src.rpm
Missing file
    MD5: 6b6e97e1866d9eb341c614dcf899fb6c
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/SRPMS/pam-0.75-72.src.rpm
Missing file
    MD5: 71809b6310ee4e91cc2da3476590e7c9
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/i386/cdrecord-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: e9d24a7dba0d8e043ee950331def7ff5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/i386/cdrecord-devel-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: ce1f5cbc21982b29d308bf77cce71173
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/i386/mkisofs-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: 98403be931f5c9e93cc2a05e6d2bc71a
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/ia64/cdrecord-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: b5b3c543aace890c586fed62a48053d9
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/ia64/cdrecord-devel-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: 59beda52788b755833d4fedaa11d8d83
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/ia64/mkisofs-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: 489f4000bf9795ebc2955b12b32e2745
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/ia64/pam-0.75-72.ia64.rpm
Missing file
    MD5: 62d7cbe8f6ef8f8b63e8ab5edca67868
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/ia64/pam-devel-0.75-72.ia64.rpm
Missing file
    MD5: e9c498359b75436e0119c49a7913e942
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/x86_64/cdrecord-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 191fc705418c09cd9161d7ef9521fbf5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/x86_64/cdrecord-devel-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: d8d656fbc1abb108043436080d5ab889
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/x86_64/mkisofs-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 4c082f400f8b0158d67e11070b7bbfd3
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/x86_64/pam-0.75-72.x86_64.rpm
Missing file
    MD5: cc1cf99261e2f74db161cd06227db7ae
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/x86_64/pam-devel-0.75-72.x86_64.rpm
Missing file
    MD5: f112024d3f7615c21cc611b979da0e9a
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/cdrtools/2.01.0.a32-0.EL3.6/SRPMS/cdrtools-2.01.0.a32-0.EL3.6.src.rpm
Missing file
    MD5: 6b6e97e1866d9eb341c614dcf899fb6c
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/SRPMS/pam-0.75-72.src.rpm
Missing file
    MD5: 71809b6310ee4e91cc2da3476590e7c9
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/i386/cdrecord-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: e9d24a7dba0d8e043ee950331def7ff5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/i386/cdrecord-devel-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: ce1f5cbc21982b29d308bf77cce71173
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/i386/mkisofs-2.01.0.a32-0.EL3.6.i386.rpm
Missing file
    MD5: 98403be931f5c9e93cc2a05e6d2bc71a
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/ia64/cdrecord-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: b5b3c543aace890c586fed62a48053d9
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/ia64/cdrecord-devel-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: 59beda52788b755833d4fedaa11d8d83
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/ia64/mkisofs-2.01.0.a32-0.EL3.6.ia64.rpm
Missing file
    MD5: 489f4000bf9795ebc2955b12b32e2745
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/ia64/pam-0.75-72.ia64.rpm
Missing file
    MD5: 62d7cbe8f6ef8f8b63e8ab5edca67868
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/ia64/pam-devel-0.75-72.ia64.rpm
Missing file
    MD5: e9c498359b75436e0119c49a7913e942
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord/2.01.0.a32-0.EL3.6/x86_64/cdrecord-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 191fc705418c09cd9161d7ef9521fbf5
ftp://updates.redhat.com/rhn/repository/NULL/cdrecord-devel/2.01.0.a32-0.EL3.6/x86_64/cdrecord-devel-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: d8d656fbc1abb108043436080d5ab889
ftp://updates.redhat.com/rhn/repository/NULL/mkisofs/2.01.0.a32-0.EL3.6/x86_64/mkisofs-2.01.0.a32-0.EL3.6.x86_64.rpm
Missing file
    MD5: 4c082f400f8b0158d67e11070b7bbfd3
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/i386/pam-0.75-72.i386.rpm
Missing file
    MD5: 165dba1515e4ebd2317bd9fa8009b5e0
ftp://updates.redhat.com/rhn/repository/NULL/pam/0.75-72/x86_64/pam-0.75-72.x86_64.rpm
Missing file
    MD5: cc1cf99261e2f74db161cd06227db7ae
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/i386/pam-devel-0.75-72.i386.rpm
Missing file
    MD5: dc80f61b4f1143d62806a1daecf55e23
ftp://updates.redhat.com/rhn/repository/NULL/pam-devel/0.75-72/x86_64/pam-devel-0.75-72.x86_64.rpm
Missing file
    MD5: f112024d3f7615c21cc611b979da0e9a
 

Bugs fixed (see bugzilla for more information)

133098 - CVE-2004-0813 SG_IO unsafe user command execution
204055 - Possibly memory leak in pam modules.
230625 - 4byte leak in pam_unix.so
232096 - CVE-2004-0813 SG_IO unsafe user command execution
234142 - CVE-2007-1716 Ownership of devices not returned to root after logout from console


References


Keywords

leak, memory, pam_stack, pam_unix


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/