Scientific Linux alert SLSA-2015:1640-1 (pam)


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Moderate: pam on SL6.x, SL7.x i386/x86_64 
Date:
    	       Wed, 19 Aug 2015 13:13:57 +0000
Message-ID:
    	       <20150819131357.9753.29295@slpackages.fnal.gov>
Synopsis:          Moderate: pam security update
Advisory ID:       SLSA-2015:1640-1
Issue Date:        2015-08-18
CVE Numbers:       CVE-2015-3238
--

It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large
passwords to the unix_pam module could use this flaw to enumerate valid
user accounts, or cause a denial of service on the system. (CVE-2015-3238)
--

SL6
  x86_64
    pam-1.1.1-20.el6_7.1.i686.rpm
    pam-1.1.1-20.el6_7.1.x86_64.rpm
    pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
    pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
    pam-devel-1.1.1-20.el6_7.1.i686.rpm
    pam-devel-1.1.1-20.el6_7.1.x86_64.rpm
  i386
    pam-1.1.1-20.el6_7.1.i686.rpm
    pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
    pam-devel-1.1.1-20.el6_7.1.i686.rpm
SL7
  x86_64
    pam-1.1.8-12.el7_1.1.i686.rpm
    pam-1.1.8-12.el7_1.1.x86_64.rpm
    pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
    pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
    pam-devel-1.1.8-12.el7_1.1.i686.rpm
    pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Moderate: pam on SL6.x, SL7.x i386/x86_64
Date:		Wed, 19 Aug 2015 13:13:57 +0000
Message-ID:		<20150819131357.9753.29295@slpackages.fnal.gov>