Opened 3 years ago
Closed 3 years ago
#14306 closed enhancement (fixed)
Linux-PAM-1.5.1 (CVE-2020-27780)
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (3)
comment:1 by , 3 years ago
| Priority: | normal → high |
|---|---|
| Summary: | Linux-PAM-1.5.1 → Linux-PAM-1.5.1 (CVE-2020-27780) |
comment:2 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
Release 1.5.1 * pam_unix: fixed CVE-2020-27780 - authentication bypass when a user doesn't exist and root password is blank * pam_faillock: added nodelay option to not set pam_fail_delay * pam_wheel: use pam_modutil_user_in_group to check for the group membership with getgrouplist where it is available