UbuntuUpdates.org

Package "pam"

Name: pam

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Documentation of PAM
  • Pluggable Authentication Modules for PAM
  • Pluggable Authentication Modules for PAM - helper binaries
  • Runtime support for the PAM library
Latest version: 1.5.3-5ubuntu5.4
Release: noble (24.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "pam" in Noble

Repository Area Version
base main 1.5.3-5ubuntu5
updates main 1.5.3-5ubuntu5.4
proposed main 1.5.3-5ubuntu5.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.3-5ubuntu5.4 2025-06-18 19:08:52 UTC

  pam (1.5.3-5ubuntu5.4) noble-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via pam_namespace
    - debian/patches/pam_namespace_170.patch: sync pam_namespace module to
      version 1.7.0.
    - debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes
      from upstream git tree.
    - debian/patches/pam_namespace_revert_abi.patch: revert ABI change to
      prevent unintended issues in running daemons.
    - debian/patches/CVE-2025-6020-1.patch: fix potential privilege
      escalation.
    - debian/patches/CVE-2025-6020-2.patch: add flags to indicate path
      safety.
    - debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at
      the group ownership.
    - debian/patches/pam_namespace_o_directory.patch: removed, included in
      patch cluster above.
    - CVE-2025-6020

 -- Marc Deslauriers <email address hidden> Thu, 12 Jun 2025 10:45:28 -0400
CVE-2025-6020 A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to eleva


About   -   Send Feedback to @ubuntu_updates