Linux-PAM 0.81 released

This release fixes only a security issue in the pam_unix module and a
regression in pam_limits introduced with version 0.80.

When SELinux was enabled, the unix_chkpwd helper didn't verify the user
who was executing it, and if the SELinux policy didn't prevent it or if
SELinux was running in permissive mode, it would allow brute-force
attacks on other users' passwords. The new release adds an additional
check before password verification and logs attempts with a wrong password.

Some user limits set in the limits.conf were applied incorrectly. The
new release fixes the problem.

Dmitry V. Levin,
Sebastien Tricaud,
Thorsten Kukuk,
Tomas Mraz.

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk@xxxxxxx
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
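
The kind of caller check the announcement describes, as an added example that is not part of the original message and not Linux-PAM's own code: a setuid password-checking helper compares the real UID of the invoking process with the account it was asked to verify. The names chk_decide and chk_caller_may_verify and the log text are hypothetical.

```c
/* Added example, not Linux-PAM source. Function names and log text are hypothetical. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

enum { CHK_ALLOW = 0, CHK_DENY = 1 };

/* Decision only: root may verify any account; any other caller may verify
 * only the account that its own real UID maps to. */
int chk_decide(uid_t caller_uid, const char *caller_name, const char *target)
{
    if (target == NULL || *target == '\0')
        return CHK_DENY;
    if (caller_uid == 0)
        return CHK_ALLOW;
    if (caller_name == NULL)            /* real UID has no passwd entry */
        return CHK_DENY;
    return strcmp(caller_name, target) == 0 ? CHK_ALLOW : CHK_DENY;
}

/* In a setuid helper the effective UID is the file owner's, so the caller is
 * identified by the real UID from getuid(), never geteuid(). */
int chk_caller_may_verify(const char *target)
{
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);
    int rc = chk_decide(uid, pw ? pw->pw_name : NULL, target);

    if (rc == CHK_DENY)
        syslog(LOG_NOTICE, "uid %lu refused password check for [%s]",
               (unsigned long)uid, target ? target : "");
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <username>\n", argv[0]);
        return 2;
    }
    /* Run this gate before reading or comparing any password. */
    if (chk_caller_may_verify(argv[1]) != CHK_ALLOW)
        return 1;
    puts("caller may verify this account");
    return 0;
}
```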
