Issued:: 2025-07-07
Updated:: 2025-07-07

RHSA-2025:10361 - Security Advisory

Overview
Updated Packages

Synopsis

Important: pam security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for pam is now available for Red Hat Enterprise Linux 8.4 Extended Update Support EXTENSION.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.

Security Fix(es):

linux-pam: Linux-pam directory Traversal (CVE-2025-6020)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

BZ - 2372512 - CVE-2025-6020 linux-pam: Linux-pam directory Traversal

CVEs

CVE-2025-6020

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
pam-1.3.1-14.el8_4.1.src.rpm	SHA-256: dcc3cee166bafadd802efc3e70d4b58abba8bc902942ff42cbd7298378612467
x86_64
pam-1.3.1-14.el8_4.1.i686.rpm	SHA-256: 494d45bb176a7a5e085e93d3923fc918dc9d3aca27375aea036fb04d6aeb039a
pam-1.3.1-14.el8_4.1.x86_64.rpm	SHA-256: 3076f5181b7b906a42eee1f7b6f0b13706ed5ad924b9e8bb3c06832ef06480c0
pam-debuginfo-1.3.1-14.el8_4.1.i686.rpm	SHA-256: 2ad5eadb550a9a82a892ddc77086ff45115cd53b4d239dae95638fdf821af185
pam-debuginfo-1.3.1-14.el8_4.1.x86_64.rpm	SHA-256: e2051de49d8ab7c680be9353b17a8dad4650f7861ec45c29c5e016997840406e
pam-debugsource-1.3.1-14.el8_4.1.i686.rpm	SHA-256: cd99aac3d2f3061770ba0b28a8988a1b17b01af8df150e2c889eeced952669e6
pam-debugsource-1.3.1-14.el8_4.1.x86_64.rpm	SHA-256: b0f5de64fdf1e0cdcd8fe937c75bb3bfc6bf9cd631c86c7edfc856e48620f22e
pam-devel-1.3.1-14.el8_4.1.i686.rpm	SHA-256: c54ef030d54cae1d8bfaf353874b3113f89da4e6e42ff9ea69bd2f209009916f
pam-devel-1.3.1-14.el8_4.1.x86_64.rpm	SHA-256: 2ff4bfb21ea27de9904a5af5675857da189fa5f420af548c29cf4f0ebc89ca8e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation