[v3.2] Linux-PAM: security issue in the pam_unix module (CVE-2015-3238)
Due to a security problem found in Linux-PAM, we released a
new version today: 1.2.1
The only change compared with 1.2.0 is the security fix for
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
(from redmine: issue id 4391, created on 2015-06-26, closed on 2019-05-03)
- parent #4387
- Revision d294bb94 by Natanael Copa on 2015-07-07T19:49:18Z:
main/linux-pam: security upgrade to 1.2.1 (CVE-2015-3238) ref #4387 fixes #4391