INFSA-2024:3163: PAM security update
Information about definition
Identificator: INFSA-2024:3163
Type: security
Release date: 2024-08-23 18:52:16 UTC
Information about package
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Vulnerabilities description
- CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-22365
|
no information | 5.5 | no information |
Updated packages