[SECURITY] Fedora Core 3 Update: pam-0.77-66.2.13

"Tomas Mraz" <tmraz@xxxxxxxxxx> · Wed, 26 Oct 2005 13:24:07 -0400

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1030
2005-10-26
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : pam
Version     : 0.77                      
Release     : 66.2.13                  
Summary     : A security tool which provides authentication for applications.
Description :
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

---------------------------------------------------------------------
Update Information:

This update fixes a security bug in unix_chkpwd allowing
brute force attacks against passwords in /etc/shadow by a
regular user when SELinux is enabled.

---------------------------------------------------------------------
* Wed Oct 26 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 0.77-66.2.13
- fixed CAN-2005-2977 unix_chkpwd should skip user verification only if
  run as root (#168181)
- support no tty in pam_access (#170467)
- support unlimited limits (#171546)
- allow larger buffer for getgr* functions
- flush input first, then print the prompt in misc_conv
- improve the passwd-order patch so it doesn't regress
  passwd on the NIS master server

* Mon Jan 24 2005 Tomas Mraz <tmraz@xxxxxxxxxx>
- ALLGROUP and ALL limits weren't correctly applied by pam_limits
- Fix a typo in pam_localuser README

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

d1a8c71517ac457b12522906b5ca00e4  SRPMS/pam-0.77-66.2.13.src.rpm
bf60d28835a86303ec733ebd9ded454c  x86_64/pam-0.77-66.2.13.x86_64.rpm
a5ca72723f4141b7af15b9fc0e2f2411  x86_64/pam-devel-0.77-66.2.13.x86_64.rpm
cea2cac58b70de0e8b692dbd5687be32  x86_64/debug/pam-debuginfo-0.77-66.2.13.x86_64.rpm
7f888626b9ec2ec25ad5871366974b92  x86_64/pam-0.77-66.2.13.i386.rpm
2178f2baec355d9096b751f03d0f0ed7  x86_64/pam-devel-0.77-66.2.13.i386.rpm
7f888626b9ec2ec25ad5871366974b92  i386/pam-0.77-66.2.13.i386.rpm
2178f2baec355d9096b751f03d0f0ed7  i386/pam-devel-0.77-66.2.13.i386.rpm
0e2577415f68615d088d5d6fdbd303ab  i386/debug/pam-debuginfo-0.77-66.2.13.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 

fedora-announce-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-announce-list