Ubuntu alert USN-7761-1 (pam)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7761-1] PAM vulnerability | |
| Date: | Mon, 22 Sep 2025 18:58:13 +0000 | |
| Message-ID: | <E1v0ljp-0001MM-2c@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7761-1 September 22, 2025 pam vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS Summary: PAM could allow unintended access to network services. Software Description: - pam: Pluggable Authentication Modules Details: It was discovered that the PAM pam_access module incorrectly parsed certain rules as hostnames. An attacker could possibly use this issue to spoof hostnames and bypass access restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libpam-modules 1.5.3-7ubuntu4.4 Ubuntu 24.04 LTS libpam-modules 1.5.3-5ubuntu5.5 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7761-1 CVE-2024-10963 Package Information: https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.4 https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjRnDwACgkQcpJm3tlz hgFjShAApmdShOYCm1kK13e5grtNHJC5yIWXI/CKhkBHY1xO2hkWgWZVd4Gwh4V7 QZOtBi2GqlMYTo6Smw6KO0ExYSsMF3NkN3QgPGR28HoeRLgKcySYCBjdXzwuAhRv IYiQ1qe8ySHtDAiiw0OTnrH/iK6zZFQltQ9f49nm1ukSH7zhGhTCJJ1LnqSev0TO OIMM/LmqUgPoxMy0titoW7KhI8xrs67UzK6j1y+1fy8o4rS77l/bArWJ8kJFt0y/ +BUIKMAFQMw7IPcDBkb3o4lxky3wz2FFcIVqOnaK+xIZ6am2KKaET+MS2/n3kaMu 1a+tOG0LazrRlChSyYDuXpjZS4oer/UbeMNYiahAl4DLOdUp85bA1bWMMhTTKnb1 GizL8y/WhwQ1iUdq4dC1MTfpzd1p8yzDMxcP4YLd5eVrUB4sLMsv7OMILg+oTYvW R0XhuAhFfhunsijj2Z6czPq3QGsE44i8CibOMxQXtPoQDmLi9qJTHGNpxTCnnwOJ VvdVCZv5U1e5tV9WfZRJp1LTl4pnVoBnycerC6dhuOZ+0vKfxN4m/UGgpCW2M/xC J216tmZaLpemAG5U2Vai1iF6B5S0ONUMCLt7C/0rJXjFzTFozUCmajvkfozrIYY9 5b5ds6rJ475utNQjo5d0DNBZSr+ImBDEZbwxxuzw7Ad0D8KVD+Q= =Tzse -----END PGP SIGNATURE-----