- Issued: 2009-05-18
- Updated: 2009-05-18
RHBA-2009:0995 - Bug Fix Advisory
Synopsis
pam bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated pam packages that fix several bugs and add an enhancement are now
available.
Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies, without having to
recompile programs that handle authentication.
These updated pam packages provide fixes for the following bugs:
- the pam_rhosts_auth module was not able to identify host names with
leading digits.
- the pam_unix module was not able to update passwords when it was called
from a multithreaded application.
- on systems with 32-bit user IDs (UIDs), the pam_loginuid module did not
correctly set the loginuid value in the kernel, and the module returned an
error when users whose UID numbers needed more than 31 bits tried to
authenticate.
- certain modules, including pam_access, could fail group membership tests
on systems with groups containing a large number of members.
- the documentation for the pam_limits module has been updated to include
information stating that the Resident Set Size (RSS) limit is not enforced
on current kernels.
- the pam_limits module was unable to apply limits to users who belonged to
very large groups. The maximum size of internal buffers for group entries
has been increased so that limits still take effect even with very large
groups.
In addition, these updated pam packages add an option for the pam_tally2
module that serializes access to the /var/log/tallylog file. Enabling this
option prevents the authentication failures that were possible when two
separate processes attempted to authenticate nearly simultaneously while
the lock_time option ("always deny for n seconds after a failed attempt")
was set to a value of one or greater.
Users are advised to upgrade to these updated pam packages, which resolve
these issues and add this enhancement.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 446025 - pam_tally2 race when authenticating more than once at the same time.
- BZ - 447842 - pam_limits PWD_ABSURD_PWD_LENGTH is still too low
- BZ - 459628 - Problem with man page for limits.conf
- BZ - 460241 - pam_loginuid fails on 32 bit uid's
- BZ - 469857 - pam_chauthtok() only works in main but not child threads
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
pam-0.77-66.26.src.rpm | SHA-256: 802e8adfd715e2af7d9cbcea29e293c8f17dee991ac4561b9ada055bb880f920 |
x86_64 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-0.77-66.26.x86_64.rpm | SHA-256: de7053738df298abca2271b9444b4bcd3cf118294500f84b70ff4837eccbbcc8 |
pam-devel-0.77-66.26.i386.rpm | SHA-256: 4dcb88a78531a883b584d2574a05a4f8bfe6c73aaeb88fd0c74b345afcdc50d8 |
pam-devel-0.77-66.26.x86_64.rpm | SHA-256: 659a0a61bd585b5ecdf5845a44d0761cda30d18211e936e9ee6b9bd65fe9ae2d |
ia64 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-0.77-66.26.ia64.rpm | SHA-256: 601c3be8388e1a96cb0fefd994a05fa356723bdb1083088188a42ca559d44a6e |
pam-devel-0.77-66.26.ia64.rpm | SHA-256: 7b9c74e9b6a19a6bd32f7c89e5a275a36f0b078ccce2ea463879be0b21608d31 |
i386 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-devel-0.77-66.26.i386.rpm | SHA-256: 4dcb88a78531a883b584d2574a05a4f8bfe6c73aaeb88fd0c74b345afcdc50d8 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
pam-0.77-66.26.src.rpm | SHA-256: 802e8adfd715e2af7d9cbcea29e293c8f17dee991ac4561b9ada055bb880f920 |
x86_64 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-0.77-66.26.x86_64.rpm | SHA-256: de7053738df298abca2271b9444b4bcd3cf118294500f84b70ff4837eccbbcc8 |
pam-devel-0.77-66.26.i386.rpm | SHA-256: 4dcb88a78531a883b584d2574a05a4f8bfe6c73aaeb88fd0c74b345afcdc50d8 |
pam-devel-0.77-66.26.x86_64.rpm | SHA-256: 659a0a61bd585b5ecdf5845a44d0761cda30d18211e936e9ee6b9bd65fe9ae2d |
ia64 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-0.77-66.26.ia64.rpm | SHA-256: 601c3be8388e1a96cb0fefd994a05fa356723bdb1083088188a42ca559d44a6e |
pam-devel-0.77-66.26.ia64.rpm | SHA-256: 7b9c74e9b6a19a6bd32f7c89e5a275a36f0b078ccce2ea463879be0b21608d31 |
i386 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-devel-0.77-66.26.i386.rpm | SHA-256: 4dcb88a78531a883b584d2574a05a4f8bfe6c73aaeb88fd0c74b345afcdc50d8 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
pam-0.77-66.26.src.rpm | SHA-256: 802e8adfd715e2af7d9cbcea29e293c8f17dee991ac4561b9ada055bb880f920 |
x86_64 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-0.77-66.26.x86_64.rpm | SHA-256: de7053738df298abca2271b9444b4bcd3cf118294500f84b70ff4837eccbbcc8 |
pam-devel-0.77-66.26.i386.rpm | SHA-256: 4dcb88a78531a883b584d2574a05a4f8bfe6c73aaeb88fd0c74b345afcdc50d8 |
pam-devel-0.77-66.26.x86_64.rpm | SHA-256: 659a0a61bd585b5ecdf5845a44d0761cda30d18211e936e9ee6b9bd65fe9ae2d |
i386 | |
pam-0.77-66.26.i386.rpm | SHA-256: 04a76f218a41a7965c4e53ae3e99dc71910fd9d6177c48207c7fe8b82004c7d6 |
pam-devel-0.77-66.26.i386.rpm | SHA-256: 4dcb88a78531a883b584d2574a05a4f8bfe6c73aaeb88fd0c74b345afcdc50d8 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
pam-0.77-66.26.src.rpm | SHA-256: 802e8adfd715e2af7d9cbcea29e293c8f17dee991ac4561b9ada055bb880f920 |
s390x | |
pam-0.77-66.26.s390.rpm | SHA-256: aff4ebf81be5dd7d265aecddde7792f5c5e39a5745ab0a175a7e83f8b908576b |
pam-0.77-66.26.s390x.rpm | SHA-256: 8be1107ca0b907c7c23154ebdb7ea122185e74bda6e78f6b1f52ee72fa5e0a69 |
pam-devel-0.77-66.26.s390.rpm | SHA-256: 0337c096181d5d2fabca036f0b73e4ce559da7ae30eb12b7cee3a3f9afe7a504 |
pam-devel-0.77-66.26.s390x.rpm | SHA-256: 677dcdf13b6f4d7b065afa208e58324a22f02e119e39d20809c09bbd60301a63 |
s390 | |
pam-0.77-66.26.s390.rpm | SHA-256: aff4ebf81be5dd7d265aecddde7792f5c5e39a5745ab0a175a7e83f8b908576b |
pam-devel-0.77-66.26.s390.rpm | SHA-256: 0337c096181d5d2fabca036f0b73e4ce559da7ae30eb12b7cee3a3f9afe7a504 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
pam-0.77-66.26.src.rpm | SHA-256: 802e8adfd715e2af7d9cbcea29e293c8f17dee991ac4561b9ada055bb880f920 |
ppc | |
pam-0.77-66.26.ppc.rpm | SHA-256: 23e37272e632c84d449ce7964a7b94b2abca7bf63f8559a8bc001dd93a3ef0f7 |
pam-0.77-66.26.ppc64.rpm | SHA-256: ce80688df1526abcd92166599d4263df2963f92dfd7bda9f5f05b56251a0f511 |
pam-devel-0.77-66.26.ppc.rpm | SHA-256: ebab13d7306c49260fa77ffe933df8e4435556b6326c681fbea5675d2e2f6251 |
pam-devel-0.77-66.26.ppc64.rpm | SHA-256: 9845ee3d8b6833e7833e8bf26b6f82f548f6a6d727abc985f70e847b5b0609eb |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.