ELSA-2007-0555

ELSA-2007-0555 - pam security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2007-11-19

Description


[0.99.6.2-3.26]
- removed realtime default limits (#240123) from the package as
it caused regression on machines with nonexistent realtime group

[0.99.6.2-3.25]
- added and improved translations (#219124)
- adjusted the default limits for realtime users (#240123)

[0.99.6.2-3.23]
- pam_unix: truncated MD5 passwords in shadow shouldn't match (#219258)
- pam_limits: add limits.d support (#232700)
- pam_limits, pam_time, pam_access: add auditing of failed logins (#232993)
- pam_namespace: expand /home/ksharma even when appended with text (#237163)
original patch by Ted X. Toth
- add some default limits for users in realtime group (#240123)
- CVE-2007-3102 - prevent audit log injection through user name (#243204)

[0.99.6.2-3.22]
- make unix_update helper executable only by root as it isn't
useful for regular user anyway

[0.99.6.2-3.21]
- pam_namespace: better document behavior on failure (#237249)
- pam_unix: split out passwd change to a new helper binary (#236316)

[0.99.6.2-3.19]
- pam_selinux: improve context change auditing (#234781)

[0.99.6.2-3.18]
- pam_console: always decrement use count (#233581)
- pam_namespace: fix parsing config file with unknown users (#234513)

[0.99.6.2-3.17]
- pam_namespace: unmount poly dir for override users (#229689)
- pam_namespace: use raw context for poly dir name (#227345)
- pam_namespace: truncate long poly dir name (append hash) (#230120)

[0.99.6.2-3.15]
- correctly relabel tty in the default case (#229542)


Related CVEs


CVE-2007-1716
CVE-2007-3102

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 5 (i386) pam-0.99.6.2-3.26.el5.src.rpm4ae6701551608359f4ce79de1264f3395d04fd6079ed2064ae1094d0b1908e43ELBA-2015-1032el5_u1_i386_base
pam-0.99.6.2-3.26.el5.i386.rpm1c398ff063af262631a7a3034ee45284258d1fa199fc4a0ebf74e00137ae55aeELBA-2015-1032el5_u1_i386_base
pam-devel-0.99.6.2-3.26.el5.i386.rpme78c7d3392f1df55efc164c93947a898bb45e3aedf7b7235295de345ac50b015ELBA-2015-1032el5_u1_i386_base
Oracle Linux 5 (x86_64) pam-0.99.6.2-3.26.el5.src.rpm4ae6701551608359f4ce79de1264f3395d04fd6079ed2064ae1094d0b1908e43ELBA-2015-1032el5_u1_x86_64_base
pam-0.99.6.2-3.26.el5.i386.rpm1c398ff063af262631a7a3034ee45284258d1fa199fc4a0ebf74e00137ae55aeELBA-2015-1032el5_u1_x86_64_base
pam-0.99.6.2-3.26.el5.x86_64.rpm3f2507b675c81b5ef0b3b57c145cf47f174e0d7dd566fec304ba0a694282d232ELBA-2015-1032el5_u1_x86_64_base
pam-devel-0.99.6.2-3.26.el5.i386.rpme78c7d3392f1df55efc164c93947a898bb45e3aedf7b7235295de345ac50b015ELBA-2015-1032el5_u1_x86_64_base
pam-devel-0.99.6.2-3.26.el5.x86_64.rpmacb14baafa3f7f38dbe82132b4d958c02af7b63df25e0e470135d521f4a09c6cELBA-2015-1032el5_u1_x86_64_base



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete