Skip to navigation

Bug Fix Advisory pam bug fix update

Advisory: RHBA-2005:062-07
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2005-05-18
Last updated on: 2005-05-18
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)

Details

Updated pam packages that resolve bugs in pam_unix and pam_timestamp
modules are now available for Red Hat Enterprise Linux.

PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without having
to recompile programs that handle authentication.

The pam_unix module is used for traditional UNIX authentication via
/etc/passwd, /etc/shadow or NIS. The updated package resolves the following
issues:

A passwd command could falsely report a succesfull password change even if
the change didn't succeed due to immutable /etc/shadow file.

A passwd command changed NIS password even if the user was maintained
locally in the /etc/passwd file. Now it changes the local password instead.
For changing the NIS password for such user it is necessary to use the
yppaswd utility.

When logging in to a ssh server with a user with an empty password, it
didn't obey the 'PermitEmptyPasswords no' setting and allowed the user to
log in.

The pam_timestamp module is used for keeping root login access for system
administration applications so the user doesn't have to enter the root
password each time the application is started.

The updated package now checks if the user starting the application has
already logged out of the system after the previous root password entry and
it ensures the user has to enter the root password again in such case.

All users of PAM should upgrade to these updated packages, which resolve
these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
pam-0.75-64.src.rpm
File outdated by:  RHSA-2007:0465
    MD5: ba58d8fcf552ac8f91db6f29712d94cc
 
IA-32:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
 
x86_64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 58e18706c6e90eb743011d6a897a8285
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
pam-devel-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 830b6b707ff09f519fbe2ced225e1a0c
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
pam-0.75-64.src.rpm
File outdated by:  RHSA-2007:0465
    MD5: ba58d8fcf552ac8f91db6f29712d94cc
 
IA-32:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
 
IA-64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.ia64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 82101d405f2759c462b9bb67d4d49d04
pam-devel-0.75-64.ia64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 5ab6d53bfb5d674a5e05356b8023f91b
 
PPC:
pam-0.75-64.ppc.rpm
File outdated by:  RHSA-2007:0465
    MD5: 134b231eaf2c9bb5cae92f677e9e5037
pam-0.75-64.ppc64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 78ddf33fea27af7c3c768043f89a01e1
pam-devel-0.75-64.ppc.rpm
File outdated by:  RHSA-2007:0465
    MD5: 4318fc84a9614cd39e19877a6718e30e
pam-devel-0.75-64.ppc64.rpm
File outdated by:  RHSA-2007:0465
    MD5: f89d34979f7ccf0ba14fc5135591df41
 
s390:
pam-0.75-64.s390.rpm
File outdated by:  RHSA-2007:0465
    MD5: 29420d54c331badfb18f2f015e067ea4
pam-devel-0.75-64.s390.rpm
File outdated by:  RHSA-2007:0465
    MD5: 7d87a1fc45dd93818f5d3e1a93d467db
 
s390x:
pam-0.75-64.s390.rpm
File outdated by:  RHSA-2007:0465
    MD5: 29420d54c331badfb18f2f015e067ea4
pam-0.75-64.s390x.rpm
File outdated by:  RHSA-2007:0465
    MD5: b46931aae02630bb907fb16d89068b52
pam-devel-0.75-64.s390.rpm
File outdated by:  RHSA-2007:0465
    MD5: 7d87a1fc45dd93818f5d3e1a93d467db
pam-devel-0.75-64.s390x.rpm
File outdated by:  RHSA-2007:0465
    MD5: 56e73246189bbb0503289aaaafc503d2
 
x86_64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 58e18706c6e90eb743011d6a897a8285
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
pam-devel-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 830b6b707ff09f519fbe2ced225e1a0c
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
pam-0.75-64.src.rpm
File outdated by:  RHSA-2007:0465
    MD5: ba58d8fcf552ac8f91db6f29712d94cc
 
IA-32:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
 
IA-64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.ia64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 82101d405f2759c462b9bb67d4d49d04
pam-devel-0.75-64.ia64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 5ab6d53bfb5d674a5e05356b8023f91b
 
x86_64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 58e18706c6e90eb743011d6a897a8285
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
pam-devel-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 830b6b707ff09f519fbe2ced225e1a0c
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
pam-0.75-64.src.rpm
File outdated by:  RHSA-2007:0465
    MD5: ba58d8fcf552ac8f91db6f29712d94cc
 
IA-32:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
 
IA-64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.ia64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 82101d405f2759c462b9bb67d4d49d04
pam-devel-0.75-64.ia64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 5ab6d53bfb5d674a5e05356b8023f91b
 
x86_64:
pam-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: 65e26cab45732202d7422bce9ee81978
pam-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 58e18706c6e90eb743011d6a897a8285
pam-devel-0.75-64.i386.rpm
File outdated by:  RHSA-2007:0465
    MD5: d2139e15a2522df94a60478da7d1129a
pam-devel-0.75-64.x86_64.rpm
File outdated by:  RHSA-2007:0465
    MD5: 830b6b707ff09f519fbe2ced225e1a0c
 

Bugs fixed (see bugzilla for more information)

115309 - NIS password changes are attempted before local user
136855 - Unexpected behavior with PAM, openssh and blank passwords
148986 - recent pam_limits change breaks existing configurations
77646 - passwd falsely reports successful change when /etc/shadow is immutable


Keywords

blank, immutable, nis, openssh, password, timestamp


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/