Advisories ยป MGASA-2015-0266

Updated pam package fixes security vulnerability

Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3238

Description

If SELinux is enabled, the _unix_run_helper_binary function in Linux-PAM
1.1.8 and earlier hangs indefinitely when verifying a password of 65536
characters, which allows attackers to conduct username enumeration and
denial of service attacks (CVE-2015-3238).
                

References

SRPMS

4/core

5/core