UbuntuUpdates.org

Package "libpam-modules-bin"

Name: libpam-modules-bin

Description:

Pluggable Authentication Modules for PAM - helper binaries

Latest version: 1.3.1-5ubuntu4.7
Release: focal (20.04)
Level: updates
Repository: main
Head package: pam
Homepage: http://www.linux-pam.org/

Links


Download "libpam-modules-bin"


Other versions of "libpam-modules-bin" in Focal

Repository Area Version
base main 1.3.1-5ubuntu4
security main 1.3.1-5ubuntu4.7

Changelog

Version: 1.3.1-5ubuntu4.7 2024-01-17 20:06:54 UTC

  pam (1.3.1-5ubuntu4.7) focal-security; urgency=medium

  * SECURITY UPDATE: pam_namespace local denial of service
    - debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
      prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
    - CVE-2024-22365

 -- Marc Deslauriers <email address hidden> Wed, 10 Jan 2024 08:55:08 -0500

Source diff to previous version

Version: 1.3.1-5ubuntu4.6 2023-02-06 06:07:15 UTC

  pam (1.3.1-5ubuntu4.6) focal-security; urgency=medium

  * SECURITY REGRESSION: fix CVE-2022-28321 patch location
    - debian/patches-applied/CVE-2022-28321.patch: pam_access: handle
      hostnames in access.conf
    - CVE-2022-28321

 -- Nishit Majithia <email address hidden> Thu, 02 Feb 2023 14:52:59 +0530

Source diff to previous version
CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctl

Version: 1.3.1-5ubuntu4.4 2023-01-25 12:06:55 UTC

  pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
      access.conf
    - CVE-2022-28321

 -- Nishit Majithia <email address hidden> Tue, 24 Jan 2023 17:15:43 +0530

Source diff to previous version
CVE-2022-28321 The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctl

Version: 1.3.1-5ubuntu4.3 2021-10-06 00:06:16 UTC

  pam (1.3.1-5ubuntu4.3) focal; urgency=medium

  * Correctly document current VCS in debian/control.
  * Drop patches to implement "nullok_secure" option for pam_unix.
    Closes: #674857, #936071, LP: #1860826.
  * debian/patches-applied/nullok_secure-compat.patch: Support
    nullok_secure as a deprecated alias for nullok.
  * debian/pam-configs/unix: use nullok, not nullok_secure.
  * extrausers.patch: update for compatibility with the removal of
    nullok_secure.

 -- Steve Langasek <email address hidden> Thu, 16 Sep 2021 23:14:49 -0700

Source diff to previous version
1860826 pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
674857 Disable pam_securetty by default?

Version: 1.3.1-5ubuntu4.2 2021-05-24 12:06:22 UTC

  pam (1.3.1-5ubuntu4.2) focal; urgency=medium

  * Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
    - debian/patches-applied/add_pam_faillock.patch: add module.
    - debian/patches-applied/pam_faillock_create_directory: create dir
      before creating file in modules/pam_faillock/faillock.c.
    - debian/rules: set execute permissions on pam_faillock test.
    - debian/libpam-modules-bin.install: install faillock binary and man
      page.

 -- Marc Deslauriers <email address hidden> Thu, 08 Apr 2021 07:06:27 -0400

1927796 [SRU]pam_tally2 can cause accounts to be locked by correct password. pam_faillock use is the recommended fix



About   -   Send Feedback to @ubuntu_updates