- Issued: 2014-10-13
- Updated: 2014-10-13
RHBA-2014:1579 - pam bug fix update
Synopsis
pam bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated pam packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
Description
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
This update fixes the following bugs:
- The pam_unix module contained an "off-by-one" error when comparing the date of user account expiration with the current date. As a result, the account actually expired a day after the date specified by the "chage -E" command. This update fixes the "off-by-one" error, and user accounts now expire on the date set by the "chage -E" command. (BZ#947011)
- The pam_unix and pam_pwhistory modules did not properly handle missing fields in the entries in the /etc/security/opasswd file. As a consequence, if some of the fields were not present in a user's entry, changing the password, for example with the passwd command, could result in a segmentation fault. This bug has been fixed, and pam_unix and pam_pwhistory now properly handle missing fields in the entries in /etc/security/opasswd. (BZ#1120099)
- Previously, the pam_limits module did not verify whether the process referenced in the /var/run/utmp file as the login process still existed. As a consequence, when the user had the "maxlogins" limit set in the limits.conf file and a login session process terminated unexpectedly without updating the utmp file correctly, the user could not access the system even though some of the user's previous login sessions no longer existed due to the crash. After this update, pam_limits tests whether the login process still exists on the system. As a result, the number of existing login sessions is counted more precisely when the "maxlogins" limit is applied by the pam_limits module. (BZ#1054936)
- Previously, the pam_userdb module handled the call to the crypt() function too strictly and did not expect modern crypt hash formats. As a consequence, pam_userdb could not support the other hash algorithms that the glibc library supports for user password hashes. This update improves the code handling the crypt() function. Now, pam_userdb supports any password hash format supported by the glibc crypt() function. (BZ#1119289)
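The opasswd crash described above is the usual result of dereferencing a field that a truncated entry never contained. The following C code is an added example, not the pam source: it assumes the colon-separated user:uid:count:hashes entry layout, and the names parse_opasswd_line and opasswd_count and the sample entries are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct opasswd_entry {
    const char *user, *hashes;   /* hashes: comma-separated old hashes */
    unsigned long uid; long count;   /* count: number of remembered hashes */
};

/* Split "user:uid:count:hashes" in place, keeping empty fields visible.
 * Returns 0 on success, -1 when a field is missing or not numeric. */
int parse_opasswd_line(char *line, struct opasswd_entry *out)
{
    char *field[4], *p = line, *end;
    line[strcspn(line, "\n")] = '\0';
    for (int i = 0; i < 4; i++) {
        if (p == NULL)
            return -1;                       /* fewer than four fields */
        field[i] = p;
        char *sep = (i < 3) ? strchr(p, ':') : NULL;
        if (sep != NULL) *sep++ = '\0';
        p = sep;
    }
    if (field[0][0] == '\0' || field[3][0] == '\0')
        return -1;
    out->uid = strtoul(field[1], &end, 10);
    if (end == field[1] || *end != '\0')
        return -1;
    out->count = strtol(field[2], &end, 10);
    if (end == field[2] || *end != '\0' || out->count < 0)
        return -1;
    out->user = field[0];
    out->hashes = field[3];
    return 0;
}

/* Helper for the constructed samples: history count, or -1 if rejected. */
long opasswd_count(const char *text)
{
    char buf[256];
    struct opasswd_entry e;
    snprintf(buf, sizeof buf, "%s", text);
    return parse_opasswd_line(buf, &e) == 0 ? e.count : -1;
}

int main(void)
{
    printf("%ld %ld\n", opasswd_count("alice:1000:2:$6$aaa,$6$bbb\n"), opasswd_count("alice:1000\n"));
    return 0;
}
```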
Users of pam are advised to upgrade to these updated packages, which fix these bugs.
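The pam_limits change described above amounts to probing each recorded login PID before counting it toward "maxlogins". The following C code is an added example, not the pam_limits source: struct login_rec is a simplified stand-in for a utmp record, and the function names, the policy check and the sample records are constructed assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Simplified stand-in for a utmp login record (assumption, not struct utmp). */
struct login_rec { char user[32]; pid_t pid; };

/* kill(pid, 0) sends no signal: ESRCH means gone, EPERM means alive but not ours. */
static int login_alive(pid_t pid)
{
    return pid > 0 && (kill(pid, 0) == 0 || errno != ESRCH);
}

/* Count a user's sessions; check_alive == 0 trusts every record. */
int count_logins(const struct login_rec *recs, size_t n, const char *user, int check_alive)
{
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (strncmp(recs[i].user, user, sizeof recs[i].user) != 0)
            continue;
        if (check_alive && !login_alive(recs[i].pid))
            continue;                  /* stale record left by a crash */
        count++;
    }
    return count;
}

/* Constructed sample: alice has one live session and one stale record. */
int demo_count(int check_alive)
{
    struct login_rec recs[] = {
        { "alice", getpid() },
        { "alice", INT_MAX },          /* constructed PID that cannot exist */
        { "bob",   getpid() },
    };
    return count_logins(recs, sizeof recs / sizeof recs[0], "alice", check_alive);
}

/* Hypothetical policy check: refuse once existing sessions reach maxlogins. */
int login_denied(int maxlogins, int check_alive) { return demo_count(check_alive) >= maxlogins; }

int main(void)
{
    printf("maxlogins=2 denied: trusting utmp %d, checking PIDs %d\n", login_denied(2, 0), login_denied(2, 1));
    return 0;
}
```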
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- pam-1.1.1-20.el6.x86_64.rpm
- pam-debuginfo-1.1.1-20.el6.s390x.rpm
- pam-devel-1.1.1-20.el6.ppc.rpm
- pam-debuginfo-1.1.1-20.el6.x86_64.rpm
- pam-debuginfo-1.1.1-20.el6.ppc.rpm
- pam-1.1.1-20.el6.s390.rpm
- pam-devel-1.1.1-20.el6.s390x.rpm
- pam-1.1.1-20.el6.s390x.rpm
- pam-1.1.1-20.el6.src.rpm
- pam-devel-1.1.1-20.el6.i686.rpm
- pam-devel-1.1.1-20.el6.x86_64.rpm
- pam-debuginfo-1.1.1-20.el6.s390.rpm
- pam-debuginfo-1.1.1-20.el6.i686.rpm
- pam-1.1.1-20.el6.ppc.rpm
- pam-devel-1.1.1-20.el6.ppc64.rpm
- pam-devel-1.1.1-20.el6.s390.rpm
- pam-debuginfo-1.1.1-20.el6.ppc64.rpm
- pam-1.1.1-20.el6.i686.rpm
- pam-1.1.1-20.el6.ppc64.rpm
Fixes
- BZ - 740233
- BZ - 889233
- BZ - 947011
- BZ - 1026203
- BZ - 1028490
- BZ - 1029817
- BZ - 1040664
- BZ - 1054936
- BZ - 1071770
- BZ - 1078779
- BZ - 1119289
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.