Release Info

Advisory: CLSA-2023:1675111190

OS: Ubuntu 16.04 ELS

Public date: 2023-01-30 00:00:00

Project: pam

Version: 1.1.8-3.2ubuntu2.3+tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2023-1675111190.html

Changelog

* SECURITY UPDATE: access denial bypass in pam_access.so
  - debian/patches-applied/CVE-2022-28321.patch: properly use getnameinfo() and getaddrinfo() to handle hostnames in access.conf, add freeaddrinfo() to avoid memory leaks on return from network_netmask_match() as well
  - CVE-2022-28321

Update

Update command:

apt-get update
apt-get --only-upgrade install pam*

Packages list

libpam-cracklib_1.1.8-3.2ubuntu2.3+tuxcare.els1_amd64.deb
libpam-doc_1.1.8-3.2ubuntu2.3+tuxcare.els1_all.deb
libpam-modules_1.1.8-3.2ubuntu2.3+tuxcare.els1_amd64.deb
libpam-modules-bin_1.1.8-3.2ubuntu2.3+tuxcare.els1_amd64.deb
libpam-runtime_1.1.8-3.2ubuntu2.3+tuxcare.els1_all.deb
libpam0g_1.1.8-3.2ubuntu2.3+tuxcare.els1_amd64.deb
libpam0g-dev_1.1.8-3.2ubuntu2.3+tuxcare.els1_amd64.deb

CVEs

CVE-2022-28321