UbuntuUpdates.org

Package "libpam-modules"

Name: libpam-modules

Description:

Pluggable Authentication Modules for PAM

Latest version: 1.3.1-5ubuntu4.7
Release: focal (20.04)
Level: security
Repository: main
Head package: pam
Homepage: http://www.linux-pam.org/

Links


Download "libpam-modules"


Other versions of "libpam-modules" in Focal

Repository Area Version
base main 1.3.1-5ubuntu4
updates main 1.3.1-5ubuntu4.7

Changelog

Version: 1.3.1-5ubuntu4.7 2024-01-17 20:06:52 UTC

  pam (1.3.1-5ubuntu4.7) focal-security; urgency=medium

  * SECURITY UPDATE: pam_namespace local denial of service
    - debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
      prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
    - CVE-2024-22365

 -- Marc Deslauriers <email address hidden> Wed, 10 Jan 2024 08:55:08 -0500

Source diff to previous version

Version: 1.3.1-5ubuntu4.6 2023-02-06 05:07:18 UTC

  pam (1.3.1-5ubuntu4.6) focal-security; urgency=medium

  * SECURITY REGRESSION: fix CVE-2022-28321 patch location
    - debian/patches-applied/CVE-2022-28321.patch: pam_access: handle
      hostnames in access.conf
    - CVE-2022-28321

 -- Nishit Majithia <email address hidden> Thu, 02 Feb 2023 14:52:59 +0530

Source diff to previous version
CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctl

Version: 1.3.1-5ubuntu4.4 2023-01-25 11:06:57 UTC

  pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
      access.conf
    - CVE-2022-28321

 -- Nishit Majithia <email address hidden> Tue, 24 Jan 2023 17:15:43 +0530

CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctl



About   -   Send Feedback to @ubuntu_updates