- Issued: 2009-01-20
- Updated: 2009-01-20
RHBA-2009:0222 - Bug Fix Advisory
Synopsis
pam bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated pam packages that fix several bugs and add various enhancements are
now available for Red Hat Enterprise Linux 5.
Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.
These updated pam packages provide fixes for the following bugs:
- the pam_unix module displayed two superfluous error prompts when a new
password was found in the old passwords file.
- certain modules, including pam_access, could fail group membership tests
on systems with groups containing a large number of members.
- under certain circumstances, the pam_tally module did not close a file
handle, which could have resulted in a denial of service.
- the pam_unix module redundantly looked up new passwords in the cracklib
word database, duplicating functionality that is performed by the
pam_cracklib module, and thus preventing the disabling of the cracklib
database lookup. This redundant behavior has therefore been removed from
the pam_unix module.
- the pam_loginuid module did not work with user ID (UID) numbers greater
than 31 bits.
- the limits.conf(5) man page has been updated to include information
stating that the Resident Set Size (RSS) limit is not enforced on current
kernels.
- the pam_rhosts_auth module was not able to identify hostnames with
leading digits.
In addition, these updated packages provide the following enhancements:
- a new PAM module, pam_tty_audit, which allows switching tty auditing on
and off, is now provided in these updated pam packages.
- the pam_lastlog module is now able to display information about the
number of failed login attempts by a user.
- the pam_cracklib module now contains additional algorithms to determine
the quality of user passwords.
Users are advised to upgrade to these updated pam packages, which resolve
these issues and add these enhancements.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 244352 - TTY input audit support
- BZ - 438990 - pam should display number of failed login attempts
- BZ - 438994 - pam should enforce a couple password quality checks
- BZ - 443872 - Three error prompts from pam_unix with use_authtok for old password check
- BZ - 457024 - pam_tally file handler leak, causing DOS
- BZ - 460263 - pam_loginuid fails on 32 bit uid's
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
pam-0.99.6.2-4.el5.src.rpm | SHA-256: 31ed7540edece661fbe1269f011260fe873769c58f90231bf67b2a0ed8f2004f |
x86_64 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-0.99.6.2-4.el5.x86_64.rpm | SHA-256: c6214205ea3722ea6fc0f5a3bb6bc3e55ec4d1256c08f2e89ae73cc9811522ce |
pam-devel-0.99.6.2-4.el5.i386.rpm | SHA-256: 67f3e5fe47cbaad57fd1fb2f48134f89bec3753433bae9114ef4c78f7af13db5 |
pam-devel-0.99.6.2-4.el5.x86_64.rpm | SHA-256: 933eb51708c4c08f52610338ab75d25d0ccb855df9f5f1d9ae46854d2d24af3c |
ia64 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-0.99.6.2-4.el5.ia64.rpm | SHA-256: e32483ce1db2634d24a386141a646e294b375a4905e3e9deddf169f8c8eadd45 |
pam-devel-0.99.6.2-4.el5.ia64.rpm | SHA-256: a9cc5522dff0d3fe9a31b58d2b9e6f3ca6b2f415164de217d0b12e40ff696d16 |
i386 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-devel-0.99.6.2-4.el5.i386.rpm | SHA-256: 67f3e5fe47cbaad57fd1fb2f48134f89bec3753433bae9114ef4c78f7af13db5 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
pam-0.99.6.2-4.el5.src.rpm | SHA-256: 31ed7540edece661fbe1269f011260fe873769c58f90231bf67b2a0ed8f2004f |
x86_64 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-0.99.6.2-4.el5.x86_64.rpm | SHA-256: c6214205ea3722ea6fc0f5a3bb6bc3e55ec4d1256c08f2e89ae73cc9811522ce |
pam-devel-0.99.6.2-4.el5.i386.rpm | SHA-256: 67f3e5fe47cbaad57fd1fb2f48134f89bec3753433bae9114ef4c78f7af13db5 |
pam-devel-0.99.6.2-4.el5.x86_64.rpm | SHA-256: 933eb51708c4c08f52610338ab75d25d0ccb855df9f5f1d9ae46854d2d24af3c |
i386 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-devel-0.99.6.2-4.el5.i386.rpm | SHA-256: 67f3e5fe47cbaad57fd1fb2f48134f89bec3753433bae9114ef4c78f7af13db5 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
pam-0.99.6.2-4.el5.src.rpm | SHA-256: 31ed7540edece661fbe1269f011260fe873769c58f90231bf67b2a0ed8f2004f |
x86_64 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-0.99.6.2-4.el5.x86_64.rpm | SHA-256: c6214205ea3722ea6fc0f5a3bb6bc3e55ec4d1256c08f2e89ae73cc9811522ce |
i386 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
pam-0.99.6.2-4.el5.src.rpm | SHA-256: 31ed7540edece661fbe1269f011260fe873769c58f90231bf67b2a0ed8f2004f |
s390x | |
pam-0.99.6.2-4.el5.s390.rpm | SHA-256: 9f919eee6d2e1d008c4358bb29d349436a4be4f5d20eda266fa0bc5f826d4155 |
pam-0.99.6.2-4.el5.s390x.rpm | SHA-256: 4ca2385b9728ff92eb93387292824a222c2d966bc93d91372a277c1c26726bda |
pam-devel-0.99.6.2-4.el5.s390.rpm | SHA-256: 6374acb0f8024962ef8277a4b0dc88141c9915e2827fd7a88b137fea882b0454 |
pam-devel-0.99.6.2-4.el5.s390x.rpm | SHA-256: ad4a5b59d8dd6c7431ad8545817a5469cb293b6bb93c220376954f00b274c263 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
pam-0.99.6.2-4.el5.src.rpm | SHA-256: 31ed7540edece661fbe1269f011260fe873769c58f90231bf67b2a0ed8f2004f |
ppc | |
pam-0.99.6.2-4.el5.ppc.rpm | SHA-256: 6f74e52eb0dc73a58456ad27ae04b3d6a8c676f6385b8954183061bd7500878f |
pam-0.99.6.2-4.el5.ppc64.rpm | SHA-256: 7e2430e45d3e697a4640a91b44903a55393f0f565e5c5937637eadad47dd2702 |
pam-devel-0.99.6.2-4.el5.ppc.rpm | SHA-256: 3bff3519e90f325761b0c2a2de05951a7a60a6d8eb58bf2ff68ee40cce1b3f97 |
pam-devel-0.99.6.2-4.el5.ppc64.rpm | SHA-256: b1a7122d94729732ce02313c7ac018d9030cb651b31fbb2d0edf1f86b0eac842 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
pam-0.99.6.2-4.el5.src.rpm | SHA-256: 31ed7540edece661fbe1269f011260fe873769c58f90231bf67b2a0ed8f2004f |
x86_64 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-0.99.6.2-4.el5.x86_64.rpm | SHA-256: c6214205ea3722ea6fc0f5a3bb6bc3e55ec4d1256c08f2e89ae73cc9811522ce |
pam-devel-0.99.6.2-4.el5.i386.rpm | SHA-256: 67f3e5fe47cbaad57fd1fb2f48134f89bec3753433bae9114ef4c78f7af13db5 |
pam-devel-0.99.6.2-4.el5.x86_64.rpm | SHA-256: 933eb51708c4c08f52610338ab75d25d0ccb855df9f5f1d9ae46854d2d24af3c |
i386 | |
pam-0.99.6.2-4.el5.i386.rpm | SHA-256: 4f7b928a2d90d36f19d292fe7f4589806f42d56f24681debf05ea2d62960a3a0 |
pam-devel-0.99.6.2-4.el5.i386.rpm | SHA-256: 67f3e5fe47cbaad57fd1fb2f48134f89bec3753433bae9114ef4c78f7af13db5 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.