Hello, Due to a security problem found in Linux-PAM, we released a new version today: 1.2.1 The only change compared with 1.2.0 is the security fix for CVE-2015-3238: If the process executing pam_sm_authenticate or pam_sm_chauthtok method of pam_unix is not privileged enough to check the password, e.g. if selinux is enabled, the _unix_run_helper_binary function is called. When a long enough password is supplied (16 pages or more, i.e. 65536+ bytes on a system with 4K pages), this helper function hangs indefinitely, blocked in the write(2) call while writing to a blocking pipe that has a limited capacity. With this fix, the verifiable password length will be limited to PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. We would like to thank Sebastien Macke of Trustwave SpiderLabs for the original bug report and Red Hat security response team for forwarding this issue. -- Thorsten Kukuk, Senior Architect SLES & Common Code Base SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
