[ubuntu/jammy-security] pam 1.4.0-11ubuntu2.6 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 18 16:22:23 UTC 2025
pam (1.4.0-11ubuntu2.6) jammy-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches-applied/pam_namespace_170.patch: sync pam_namespace
module to version 1.7.0.
- debian/patches-applied/pam_namespace_post170-*.patch: add post-1.7.0
changes from upstream git tree.
- debian/patches-applied/pam_namespace_revert_abi.patch: revert ABI
change to prevent unintended issues in running daemons.
- debian/patches-applied/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches-applied/CVE-2025-6020-2.patch: add flags to indicate
path safety.
- debian/patches-applied/CVE-2025-6020-3.patch: secure_opendir: do not
look at the group ownership.
- debian/patches-applied/CVE-2024-22365.patch: removed, included in
patch cluster above.
- CVE-2025-6020
pam (1.4.0-11ubuntu2.5) jammy; urgency=medium
* Honor private home directory permissions (LP: #1957024)
Date: 2025-06-12 21:55:23.497396+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list