Opened 4 years ago

Closed 4 years ago

#14306 closed enhancement (fixed)

Linux-PAM-1.5.1 (CVE-2020-27780)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (3)

comment:1 by Xi Ruoyao, 4 years ago

Priority: normalhigh
Summary: Linux-PAM-1.5.1Linux-PAM-1.5.1 (CVE-2020-27780)
Release 1.5.1
* pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
            doesn't exist and root password is blank
* pam_faillock: added nodelay option to not set pam_fail_delay
* pam_wheel: use pam_modutil_user_in_group to check for the group membership
             with getgrouplist where it is available

comment:2 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:3 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r23942

Note: See TracTickets for help on using tickets.