You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa pam

Sigurnosni nedostaci programskog paketa pam

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2014-12-06 01:54:07

Name : pam
Product : Fedora 20
Version : 1.1.8
Release : 2.fc20
Summary : An extensible library which provides authentication for applications
Description :
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

Update Information:

Update fixing minor security issues and bugs.


* Thu Dec 4 2014 Tomáš Mráz <> 1.1.8-2
– fix CVE-2014-2583: potential path traversal issue in pam_timestamp
– fix CVE-2013-7041: use case sensitive comparison in pam_userdb
– be tolerant to corrupted opasswd file

[ 1 ] Bug #1080243 – CVE-2014-2583 pam: path traversal issue in pam_timestamp’s format_timestamp_name()
[ 2 ] Bug #1038555 – CVE-2013-7041 pam: pam_userdb case insensitive password hash comparison

This update can be installed with the “yum” update program. Use
su -c ‘yum update pam’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarijo Plepelic
Cert idNCERT-REF-2014-12-0013-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa tcpdump

Otkriven je sigurnosni nedostatak u programskom paketu tcpdump za Fedoru 20. Otkriveni nedostatak je uzrokovan neispravnom obradom PPP paketa što...