SUSE-SU-2017:1398-1

UNKNOWN

Security update for pam

Published May 24, 2017

Modified 8 years ago

Fix available

Details

This update for pam fixes the following issues:

CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920).
log a hint to syslog if /etc/nologin is present, but empty (bsc#1015565).
If /etc/nologin is present, but empty, log a hint to syslog. (bsc#1015565)
Added support for libowcrypt.so, if present, to configure support for BLOWFISH (bsc#1037824)

Affected Packages

pam

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

Fixed in:

1.1.8-23.1

pam-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

1.1.8-23.1

pam-doc

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

Fixed in:

1.1.8-23.1

pam-devel

SUSE Linux Enterprise Software Development Kit 12 SP1SUSE Linux Enterprise Software Development Kit 12 SP2

Fixed in:

1.1.8-23.1

References

REPORT

https://bugzilla.suse.com/1015565

REPORT

https://bugzilla.suse.com/1037824

REPORT