[ubuntu/plucky-security] pam 1.5.3-7ubuntu4.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 18 16:22:03 UTC 2025
pam (1.5.3-7ubuntu4.3) plucky-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches/pam_namespace_170.patch: sync pam_namespace module to
version 1.7.0.
- debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes
from upstream git tree.
- debian/patches/pam_namespace_revert_abi.patch: revert ABI change to
prevent unintended issues in running daemons.
- debian/patches/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches/CVE-2025-6020-2.patch: add flags to indicate path
safety.
- debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at
the group ownership.
- debian/patches/pam_namespace_o_directory.patch: removed, included in
patch cluster above.
- CVE-2025-6020
Date: 2025-06-17 11:52:12.993585+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list