Updated pam package fixes security vulnerability
Publication date: 05 Jul 2015Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3238
Description
If SELinux is enabled, the _unix_run_helper_binary function in Linux-PAM 1.1.8 and earlier hangs indefinitely when verifying a password of 65536 characters, which allows attackers to conduct username enumeration and denial of service attacks (CVE-2015-3238).
References
SRPMS
5/core
- pam-1.1.8-10.1.mga5
4/core
- pam-1.1.8-7.2.mga4