Updated pam package fixes security vulnerability
Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases: 4, 5
CVE: CVE-2015-3238
Description
If SELinux is enabled, the _unix_run_helper_binary function in Linux-PAM 1.1.8 and earlier hangs indefinitely when verifying a password of 65536 characters, which allows attackers to conduct username enumeration and denial of service attacks (CVE-2015-3238).
References
SRPMS
4/core
- pam-1.1.8-7.2.mga4
5/core
- pam-1.1.8-10.1.mga5
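A patch-level check against the fixed builds listed above, as an added example that is not part of the Mageia advisory. It assumes input in the form printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' pam`; the function names are hypothetical, and the comparison is a simplified form of rpm's segment rules (no epoch, tilde or caret handling).

```python
import re

# Fixed builds per release, taken from the SRPMS list of this advisory.
FIXED = {"mga4": ("1.1.8", "7.2"), "mga5": ("1.1.8", "10.1")}

def _segments(s):
    """Split a version string into numeric and alphabetic runs."""
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]

def _cmp(a, b):
    """Simplified rpm-style comparison (assumption: not full rpmvercmp)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1  # numeric run sorts newer
        return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def pam_status(evr):
    """Classify a pam VERSION-RELEASE string: fixed, needs-update or unknown."""
    m = re.fullmatch(r"([^-]+)-(.+?)\.(mga\d+)(?:\.\w+)?", evr.strip())
    if not m or m.group(3) not in FIXED:
        return "unknown"  # not a Mageia 4/5 build covered by this advisory
    version, release, dist = m.groups()
    fixed_version, fixed_release = FIXED[dist]
    order = _cmp(version, fixed_version) or _cmp(release, fixed_release)
    return "fixed" if order >= 0 else "needs-update"

if __name__ == "__main__":
    # Constructed sample inventory lines, not taken from real hosts.
    for line in ["1.1.8-7.1.mga4", "1.1.8-7.2.mga4", "1.1.8-9.mga5",
                 "1.1.8-10.1.mga5.x86_64"]:
        print(line, pam_status(line))
```

Releases are compared numerically per segment, so a release of `9` sorts below `10.1`, which a plain string comparison would get wrong.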