[SECURITY] Fedora 40 Update: pam-1.6.1-5.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-45478608e2
2024-12-06 01:36:22.592803+00:00
--------------------------------------------------------------------------------
Name : pam
Product : Fedora 40
Version : 1.6.1
Release : 5.fc40
URL : http://www.linux-pam.org/
Summary : An extensible library which provides authentication for applications
Description :
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.
--------------------------------------------------------------------------------
Update Information:
pam_access: rework resolving of tokens as hostname.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 28 2024 Iker Pedrosa [ipedrosa@redhat.com] - 1.6.1-5
- pam_access: rework resolving of tokens as hostname.
Resolves: CVE-2024-10963 and #2324299
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2324299 - CVE-2024-10963 pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2324299
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-45478608e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
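
To confirm that a host actually carries the fixed build, the following added example (not part of the Fedora notification) compares the installed pam version-release against 1.6.1-5.fc40 from this advisory. It assumes GNU "sort -V" as an approximation of RPM version ordering, which is adequate for comparing Fedora 40 pam builds with each other; the function names are hypothetical.

```shell
#!/bin/sh
# Fixed build for Fedora 40, taken from the advisory text above.
FIXED_EVR="1.6.1-5.fc40"

# pam_is_fixed VERSION-RELEASE
# Returns 0 when the given build is at or above FIXED_EVR, 1 when it is older,
# 2 when no argument was given.
# Assumption: GNU sort -V stands in for rpm's own version comparison.
pam_is_fixed() {
    [ -n "${1:-}" ] || return 2
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# check_installed_pam
# Queries every installed pam package (a multilib host can have more than one)
# and reports whether each one contains the pam_access change.
# Returns 0 if all are fixed, 1 if any is older, 2 if the query is not possible.
check_installed_pam() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    evrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' pam 2>/dev/null) || {
        echo "pam is not installed as an rpm package" >&2
        return 2
    }
    rc=0
    for evr in $evrs; do
        if pam_is_fixed "$evr"; then
            echo "pam-$evr: contains the pam_access hostname fix"
        else
            echo "pam-$evr: older than $FIXED_EVR, update required"
            rc=1
        fi
    done
    return $rc
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_installed_pam
fi
```

Run the script with --check on a Fedora 40 host after applying the update; a non-zero exit status means at least one installed pam package predates the fix.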
--------------------------------------------------------------------------------