Red Hat Product Errata RHBA-2011:0685 - Bug Fix Advisory
Issued:
2011-05-19
Updated:
2011-05-19

RHBA-2011:0685 - Bug Fix Advisory

Synopsis

pam bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated pam packages that fix bugs and add enhancements are now available.

Description

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

These updated pam packages fix the following bugs:

  • When the pam packages were updated, the /var/log/tallylog and

/var/log/faillog files were overwritten with empty files because of
an incorrect condition check in the %post script. This has been
corrected, and PAM no longer attempts to overwrite tallylog and
faillog files when they exist prior to update. (BZ#614766)

  • A code review revealed several small memory leaks and improperly

handled error paths in pam_namespace, pam_selinux, pam_limits,
pam_pwhistory, pam_time, and pam_group modules. These issues have
been corrected. (BZ#679069)

These updated packages also provide the following enhancements:

  • The pam_limits module, which sets resource limits for processes,

now supports matching individual and ranges of user and group
identifiers in its limits.conf configuration file. (BZ#622847)

  • A new pam_faillock module was added to support temporary locking of

user accounts in the event of multiple failed authentication
attempts. This new module improves functionality over the existing
pam_tally2 module, as it also allows temporary locking when the
authentication attempts are done over a screen saver. (BZ#644971)

  • The audit records provided by the pam_selinux and pam_tally2

modules have been improved to include tty and remote hostname
information in each recorded event. (BZ#677664)

All pam users are advised to upgrade to these updated packages, which resolve
these issues and add these enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

  • BZ - 614766 - PAM truncates /var/log/faillog on upgrade
  • BZ - 677664 - pam USER_ROLE_CHANGE audit events missing some info

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
i386
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
i386
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b

Red Hat Enterprise Linux Workstation 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
i386
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b

Red Hat Enterprise Linux Desktop 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
i386
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
s390x
pam-1.1.1-8.el6.s390.rpm SHA-256: 4b6e96764a7ec4c29050d9cf78b70e2b282dea5df5f867e22d67ba6bff071cc4
pam-1.1.1-8.el6.s390x.rpm SHA-256: 28d7458ce91bd18a6a61e09b56454ca6dcb3c440cf64067929358d9b5397e9b5
pam-debuginfo-1.1.1-8.el6.s390.rpm SHA-256: b45311f20ce4b0d88a6eddd3322f07c5738a2b682c37bac07cb531e8d184807f
pam-debuginfo-1.1.1-8.el6.s390x.rpm SHA-256: 8795fb5b4e851e0f07eb4121ce2440e4665a99ef2c28a49e431142756631d0bd
pam-devel-1.1.1-8.el6.s390.rpm SHA-256: 3db31d4dac383df2f5a3645063775def12c660f0e40d525b44c4c547814b98b4
pam-devel-1.1.1-8.el6.s390x.rpm SHA-256: 5903fd466d21d152f001282ca922ed70301e88d133e0d823cc0a1f81c7244b7b

Red Hat Enterprise Linux for Power, big endian 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
ppc64
pam-1.1.1-8.el6.ppc.rpm SHA-256: 82cca64e5eb62023db2dccf62edb8f969d36cebb47baa07734308ddc3fb1e9dd
pam-1.1.1-8.el6.ppc64.rpm SHA-256: febc5fbf8d3903cb60c307d0ca1d869bb9d3c6a41adc8f0b09566efbe748b8f9
pam-debuginfo-1.1.1-8.el6.ppc.rpm SHA-256: d7e8089991d2d7d9d562d53b3450577ad239219e09367fcdbac91df1a25037c2
pam-debuginfo-1.1.1-8.el6.ppc64.rpm SHA-256: 109c2f320decf3d081862c7b9fadae6b759ddfb79b7c09be85037aa6b91a5b29
pam-devel-1.1.1-8.el6.ppc.rpm SHA-256: 19b99928da51c90c81b8219c2ceab2af4aa8d11c688600cf0bd695034e931c80
pam-devel-1.1.1-8.el6.ppc64.rpm SHA-256: 125e8eae0f28b822254057f2f7dff6700288ad81200536dc23319939345d5631

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425

Red Hat Enterprise Linux Server from RHUI 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
i386
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
s390x
pam-1.1.1-8.el6.s390.rpm SHA-256: 4b6e96764a7ec4c29050d9cf78b70e2b282dea5df5f867e22d67ba6bff071cc4
pam-1.1.1-8.el6.s390x.rpm SHA-256: 28d7458ce91bd18a6a61e09b56454ca6dcb3c440cf64067929358d9b5397e9b5
pam-debuginfo-1.1.1-8.el6.s390.rpm SHA-256: b45311f20ce4b0d88a6eddd3322f07c5738a2b682c37bac07cb531e8d184807f
pam-debuginfo-1.1.1-8.el6.s390x.rpm SHA-256: 8795fb5b4e851e0f07eb4121ce2440e4665a99ef2c28a49e431142756631d0bd
pam-devel-1.1.1-8.el6.s390.rpm SHA-256: 3db31d4dac383df2f5a3645063775def12c660f0e40d525b44c4c547814b98b4
pam-devel-1.1.1-8.el6.s390x.rpm SHA-256: 5903fd466d21d152f001282ca922ed70301e88d133e0d823cc0a1f81c7244b7b

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
x86_64
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-1.1.1-8.el6.x86_64.rpm SHA-256: 7d7a9dfcf8b54fbbb19d94921fe59370002abb57568b6ec0ac4a70e94f1d16fa
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-debuginfo-1.1.1-8.el6.x86_64.rpm SHA-256: c53910409e37a0cec1a6e669e0bedb58671c1bca1450160ccad43d3488f065dc
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b
pam-devel-1.1.1-8.el6.x86_64.rpm SHA-256: eba667c3d3f046a4baec423a4632c0e2b91b81512bb193f7a70e3766b3688425
i386
pam-1.1.1-8.el6.i686.rpm SHA-256: 8545e59726ff0caa671ec77f89431d1aa01d509decb990f1843e260b3899ef2e
pam-debuginfo-1.1.1-8.el6.i686.rpm SHA-256: b8dda28b7c8f7af222883047ac2882a5ab161a2ee7ddc9036a4060a88fa7c773
pam-devel-1.1.1-8.el6.i686.rpm SHA-256: f0cce97c556c8c660b526b94f1d9ce2d8c563cdd5adc83884e7403e5be65146b

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6

SRPM
pam-1.1.1-8.el6.src.rpm SHA-256: 841f1edd80e76a0fdd440ea9b703bff79a18d0191530f5109e031712bb6aef67
s390x
pam-1.1.1-8.el6.s390.rpm SHA-256: 4b6e96764a7ec4c29050d9cf78b70e2b282dea5df5f867e22d67ba6bff071cc4
pam-1.1.1-8.el6.s390x.rpm SHA-256: 28d7458ce91bd18a6a61e09b56454ca6dcb3c440cf64067929358d9b5397e9b5
pam-debuginfo-1.1.1-8.el6.s390.rpm SHA-256: b45311f20ce4b0d88a6eddd3322f07c5738a2b682c37bac07cb531e8d184807f
pam-debuginfo-1.1.1-8.el6.s390x.rpm SHA-256: 8795fb5b4e851e0f07eb4121ce2440e4665a99ef2c28a49e431142756631d0bd
pam-devel-1.1.1-8.el6.s390.rpm SHA-256: 3db31d4dac383df2f5a3645063775def12c660f0e40d525b44c4c547814b98b4
pam-devel-1.1.1-8.el6.s390x.rpm SHA-256: 5903fd466d21d152f001282ca922ed70301e88d133e0d823cc0a1f81c7244b7b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.