[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Redhat :Updated PAM packages availablel.]



---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated PAM packages available.
Advisory ID:       RHSA-2000:120-04
Issue date:        2000-11-29
Updated on:        2000-12-01
Product:           Red Hat Linux
Keywords:          PAM
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated PAM packages are now available for Red Hat Linux 6.x and 7.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
Red Hat Linux 7.0 - i386, alpha
Red Hat Linux 7.0J - i386, alpha

3. Problem description:

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both
included a new module, pam_localuser.  Although this module is not used in
any default configurations, the version included was vulnerable to a buffer
overflow.  These updates remove this vulnerability and fix various other
bugs.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

14740 - pam_cracklib: 'similiar()' broken
16456 - files missing from pam-0.72-20
18055 - Passwords can't be changed
20542 - PAM doesn't set RLIMIT_LOCKS when compiled against glibc-2.2 headers
21467 - /etc/security/access.conf error in example


6. RPMs required:

Red Hat Linux 6.0:

sparc:
ftp://updates.redhat.com/6.0/sparc/pam-0.72-20.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.0/i386/pam-0.72-20.6.x.i386.rpm

alpha:
ftp://updates.redhat.com/6.0/alpha/pam-0.72-20.6.x.alpha.rpm

sources:
ftp://updates.redhat.com/6.0/SRPMS/pam-0.72-20.6.x.src.rpm

Red Hat Linux 6.1:

alpha:
ftp://updates.redhat.com/6.1/alpha/pam-0.72-20.6.x.alpha.rpm

sparc:
ftp://updates.redhat.com/6.1/sparc/pam-0.72-20.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.1/i386/pam-0.72-20.6.x.i386.rpm

sources:
ftp://updates.redhat.com/6.1/SRPMS/pam-0.72-20.6.x.src.rpm

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/pam-0.72-20.6.x.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/pam-0.72-20.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/pam-0.72-20.6.x.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/pam-0.72-20.6.x.src.rpm

Red Hat Linux 7.0:

alpha:
ftp://updates.redhat.com/7.0/alpha/pam-0.72-37.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/i386/pam-0.72-37.i386.rpm

sources:
ftp://updates.redhat.com/7.0/SRPMS/pam-0.72-37.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
bb1b95b6ecb575cf661829f88e204a3e  6.0/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.0/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.0/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.0/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.1/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.1/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.1/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.1/sparc/pam-0.72-20.6.x.sparc.rpm
bb1b95b6ecb575cf661829f88e204a3e  6.2/SRPMS/pam-0.72-20.6.x.src.rpm
7ea244b2447e4857421dd1a65ba966aa  6.2/alpha/pam-0.72-20.6.x.alpha.rpm
e826a8c60ee167d70f33ef117d0c3742  6.2/i386/pam-0.72-20.6.x.i386.rpm
818881ffe3d0fd6912b06fa17f09416c  6.2/sparc/pam-0.72-20.6.x.sparc.rpm
9cb817f5daf291feeae03ea10b97f42b  7.0/SRPMS/pam-0.72-37.src.rpm
35b9f1e8b06a18f091fd7d9f4e61caa9  7.0/alpha/pam-0.72-37.alpha.rpm
9357b4322e4b08e140e7a5a1558fef48  7.0/i386/pam-0.72-37.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.