Joined: 12 May 2004
|Posted: Tue May 31, 2016 5:26 am Post subject: [ GLSA 201605-05 ] Linux-PAM
|Gentoo Linux Security Advisory
Title: Linux-PAM: Multiple vulnerabilities (GLSA 201605-05)
Date: May 31, 2016
Bug(s): #493432, #505604, #553302
Multiple vulnerabilities have been found in Linux-PAM, allowing
remote attackers to bypass the auth process and cause Denial of Service.
Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
the separation of the development of privilege granting software from the
development of secure and appropriate authentication schemes.
Vulnerable: < 1.2.1
Unaffected: >= 1.2.1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Linux-PAM. Please
review the CVE identifiers referenced below for details.
Remote attackers could cause Denial of Service, conduct brute force
attacks, and conduct username enumeration.
There is no known workaround at this time.
All Linux-PAM users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/pam-1.2.1"