Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHBA-2013:0032 - Bug Fix Advisory
Issued:
2013-01-07
Updated:
2013-01-07

RHBA-2013:0032 - Bug Fix Advisory

  • Overview
  • Updated Packages

Synopsis

pam bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated pam packages that fix three bugs and add various enhancements are now
available for Red Hat Enterprise Linux 5.

Description

Pluggable Authentication Modules (PAM) provide a system to set up authentication
policies without the need to recompile programs to handle authentication.

This update fixes the following bugs:

  • Due to an error in the %post script, the /var/log/faillog and

/var/log/tallylog files were truncated on PAM upgrade. Consequently, the user
authentication failure records were lost. The %post script has been fixed, and
the user authentication failure records are now preserved during the pam package
upgrade. (BZ#614765)

  • When the "remember" option was used, the pam_unix and pam_cracklib modules

were matching usernames incorrectly while searching for the old password entries
in the /etc/security/opasswd file. Due to this bug, the old password entries
could be mixed; the users whose usernames were a substring of another username
could have the passwords entries of another user. With this update, the string
that is used to match usernames has been fixed. Now only the exact same
usernames are matched and the entries about old passwords are no longer mixed in
the described scenario. (BZ#768087)

  • Prior to this update, using the pam_pwhistory module caused an error when

changing user's password. It was not possible to choose any password, that was
in user's password history, as a new password. With this update, root can change
the password regardless of whether it is in the user's history or not.
(BZ#824858)

This update also adds the following enhancements:

  • Prior to this update, the pam_listfile module was searching through all group

entries using the getgrent command when looking for group matches. Due to this
implementation, getgrent took too much time on systems using central identity
servers such as LDAP for storing large number of groups. This feature has been
replaced by more efficient implementation, which does not require to look up
through all groups on the system. As a result, pam_listfile is now much faster
in the described scenario. (BZ#551312)

  • Previously, the pam_access module did not include the nodefgroup option.

Consequently, it was impossible to differentiate between users and groups using
this module. This enhancement adds backported support for the nodefgroup option
of pam_access. When using this option, the user field of the entries in the
access.conf file is not matched against groups on the system. The group matches
have to be explicitly marked with parentheses "(" and ")". (BZ#675835)

  • Prior to this update, when the pam_exec module ran an external command, the

environment variables such as PAM_USER or PAM_HOST were not exported. This
enhancement adds support for exporting environment variables, including those
which contains common PAM item values from the PAM environment to the script
that is executed by the pam_exec module. (BZ#554518)

  • This update improved the pam_cracklib module, which is used to check

properties of a new password entered by the user and reject it if it does not
meet the specified limits. The pam_cracklib module now allows to check whether a
new password contains the words from the GECOS field entries in the
"/etc/passwd" file. It also allows to specify the maximum allowed number of
consecutive characters of the same class (lowercase, uppercase, number, and
special characters) in a password. (BZ#809247)

All pam users are advised to upgrade to these updated packages, which fix these
bugs and adds these enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 551312 - [RFE] pam_listfile calls getgrent(), apply patch to call pam_modutil_user_in_group_nam_nam()
  • BZ - 554518 - pam_exec doesn't export environment variables
  • BZ - 614765 - PAM truncates /var/log/faillog on upgrade
  • BZ - 768087 - pam remember can check wrong username if it is a substring of another username

CVEs

(none)

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
pam-0.99.6.2-12.el5.src.rpm SHA-256: 13bee9f3620fd5e22e38e8b5832adb5f9131f253e8615e6481e9e18818fad11c
x86_64
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-0.99.6.2-12.el5.x86_64.rpm SHA-256: b233dc285fc4eac4cb46dd7da7c67d860ccf0a00aa099974a406df29b911d9e4
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.x86_64.rpm SHA-256: f616bce153d28b991452b92c25f1a710782d7a91e0d9344f77461800ef9c33ea
pam-devel-0.99.6.2-12.el5.i386.rpm SHA-256: da12ce76cfe0c76cc18f823cae33c0d8229790bd16f785b2d4cc827ac921308a
pam-devel-0.99.6.2-12.el5.x86_64.rpm SHA-256: f9f42e75adf8431a9f64601c5ad676d56aa8d65038b4c342752702491cb64bb2
ia64
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-0.99.6.2-12.el5.ia64.rpm SHA-256: aa72a4259c210a582f7fe1a6c5fd2302dfe331e338c9c6c120ea469d2f7ce014
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.ia64.rpm SHA-256: dd1c2199ba26883d475ef42d0aac558ef272876ee07a43b2e245fdbac1251c7c
pam-devel-0.99.6.2-12.el5.ia64.rpm SHA-256: 46e870c64badf592fb8c211077470f8ba3ec2e7a8546541bcf0f6ff6e67ba8dc
i386
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-devel-0.99.6.2-12.el5.i386.rpm SHA-256: da12ce76cfe0c76cc18f823cae33c0d8229790bd16f785b2d4cc827ac921308a

Red Hat Enterprise Linux Workstation 5

SRPM
pam-0.99.6.2-12.el5.src.rpm SHA-256: 13bee9f3620fd5e22e38e8b5832adb5f9131f253e8615e6481e9e18818fad11c
x86_64
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-0.99.6.2-12.el5.x86_64.rpm SHA-256: b233dc285fc4eac4cb46dd7da7c67d860ccf0a00aa099974a406df29b911d9e4
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.x86_64.rpm SHA-256: f616bce153d28b991452b92c25f1a710782d7a91e0d9344f77461800ef9c33ea
pam-debuginfo-0.99.6.2-12.el5.x86_64.rpm SHA-256: f616bce153d28b991452b92c25f1a710782d7a91e0d9344f77461800ef9c33ea
pam-devel-0.99.6.2-12.el5.i386.rpm SHA-256: da12ce76cfe0c76cc18f823cae33c0d8229790bd16f785b2d4cc827ac921308a
pam-devel-0.99.6.2-12.el5.x86_64.rpm SHA-256: f9f42e75adf8431a9f64601c5ad676d56aa8d65038b4c342752702491cb64bb2
i386
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-devel-0.99.6.2-12.el5.i386.rpm SHA-256: da12ce76cfe0c76cc18f823cae33c0d8229790bd16f785b2d4cc827ac921308a

Red Hat Enterprise Linux Desktop 5

SRPM
pam-0.99.6.2-12.el5.src.rpm SHA-256: 13bee9f3620fd5e22e38e8b5832adb5f9131f253e8615e6481e9e18818fad11c
x86_64
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-0.99.6.2-12.el5.x86_64.rpm SHA-256: b233dc285fc4eac4cb46dd7da7c67d860ccf0a00aa099974a406df29b911d9e4
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.x86_64.rpm SHA-256: f616bce153d28b991452b92c25f1a710782d7a91e0d9344f77461800ef9c33ea
i386
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
pam-0.99.6.2-12.el5.src.rpm SHA-256: 13bee9f3620fd5e22e38e8b5832adb5f9131f253e8615e6481e9e18818fad11c
s390x
pam-0.99.6.2-12.el5.s390.rpm SHA-256: ea8b81cc45cf1f2394ccd3abfd0bf01fa3647cc3aef2a351242d68cda128497b
pam-0.99.6.2-12.el5.s390x.rpm SHA-256: b76820b05f2093901119a7a1904b34a63abd8d4de426aaad67dbafab5ad08eec
pam-debuginfo-0.99.6.2-12.el5.s390.rpm SHA-256: 79b43e633aae53145b6c5f62b1fdeb406c6f6f9a49fd983bc1bac5f7e5ef8e6f
pam-debuginfo-0.99.6.2-12.el5.s390x.rpm SHA-256: a81bd39de26a34add2c65cfe8b94717d47f0eb004fc4c72c9636d1c374a510c1
pam-devel-0.99.6.2-12.el5.s390.rpm SHA-256: cd5f4249f3affa1da64054bc87fe06d8e0a14478933cf83674f111066c7d883e
pam-devel-0.99.6.2-12.el5.s390x.rpm SHA-256: 0affc182f49d4424917d9883a3a576a7b2dbf7c02d3ba1695de28958af2e44aa

Red Hat Enterprise Linux for Power, big endian 5

SRPM
pam-0.99.6.2-12.el5.src.rpm SHA-256: 13bee9f3620fd5e22e38e8b5832adb5f9131f253e8615e6481e9e18818fad11c
ppc
pam-0.99.6.2-12.el5.ppc.rpm SHA-256: e1b8373e5c10a0038a178a8bcf4e64e52bdc3a4ae70afaf9c093021e5e51099a
pam-0.99.6.2-12.el5.ppc64.rpm SHA-256: 148f92ee6b9f33f295683b529e2ccd6dae79f10e14d1262c33ca149c9c3d40b7
pam-debuginfo-0.99.6.2-12.el5.ppc.rpm SHA-256: 058f99abd9ffb31286ba7c9bd59f30f2224f3639910a14da6f2e04349af2f6c7
pam-debuginfo-0.99.6.2-12.el5.ppc64.rpm SHA-256: fcbda3d4ab86bc41de0b4317f1ed5913dd8a5c4784118e6e12798620d83c1e93
pam-devel-0.99.6.2-12.el5.ppc.rpm SHA-256: 425988e9239e8dcd9c3c86baa624f70317cf7ad929bcb54d2d37d6313aadfe72
pam-devel-0.99.6.2-12.el5.ppc64.rpm SHA-256: 0c6b09475f7f7b5d502c428e60363a5d7169fd5c14f7eafd6bff5883ebfd2e53

Red Hat Enterprise Linux Server from RHUI 5

SRPM
pam-0.99.6.2-12.el5.src.rpm SHA-256: 13bee9f3620fd5e22e38e8b5832adb5f9131f253e8615e6481e9e18818fad11c
x86_64
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-0.99.6.2-12.el5.x86_64.rpm SHA-256: b233dc285fc4eac4cb46dd7da7c67d860ccf0a00aa099974a406df29b911d9e4
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-debuginfo-0.99.6.2-12.el5.x86_64.rpm SHA-256: f616bce153d28b991452b92c25f1a710782d7a91e0d9344f77461800ef9c33ea
pam-devel-0.99.6.2-12.el5.i386.rpm SHA-256: da12ce76cfe0c76cc18f823cae33c0d8229790bd16f785b2d4cc827ac921308a
pam-devel-0.99.6.2-12.el5.x86_64.rpm SHA-256: f9f42e75adf8431a9f64601c5ad676d56aa8d65038b4c342752702491cb64bb2
i386
pam-0.99.6.2-12.el5.i386.rpm SHA-256: 77c1c50c5acf8fa61d8b366341a701f25452b3d6aca40efbaef5d88d6c97dd70
pam-debuginfo-0.99.6.2-12.el5.i386.rpm SHA-256: 42f87f75ad3c1009e85bb089b9fbfb6fbaeb4edcf03fa582d9335301e5096f0c
pam-devel-0.99.6.2-12.el5.i386.rpm SHA-256: da12ce76cfe0c76cc18f823cae33c0d8229790bd16f785b2d4cc827ac921308a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our Privacy Policy effective July 1st, 2023.
Red Hat Summit Red Hat Summit
Twitter