Information on source package pam

Available versions

ReleaseVersion
jessie1.1.8-3.1+deb8u2
stretch1.1.8-3.6
buster1.3.1-5
bullseye1.4.0-9+deb11u1
bookworm1.5.2-6+deb12u1
trixie1.5.3-7
sid1.5.3-7

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-22365vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...
CVE-2024-10041vulnerablevulnerablevulnerablevulnerablevulnerable (no DSA)vulnerablevulnerableA vulnerability was found in PAM. The secret information is stored in ...

Resolved issues

BugDescription
CVE-2022-28321The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows ...
CVE-2020-36394pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...
CVE-2020-27780A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it ...
CVE-2018-17953A incorrect variable in a SUSE specific patch for pam_access rule matc ...
CVE-2015-3238The _unix_run_helper_binary function in the pam_unix module in Linux-P ...
CVE-2014-2583Multiple directory traversal vulnerabilities in pam_timestamp.c in the ...
CVE-2013-7041The pam_userdb module for Pam uses a case-insensitive method to compar ...
CVE-2011-3628Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...
CVE-2011-3149The _expand_arg function in the pam_env module (modules/pam_env/pam_en ...
CVE-2011-3148Stack-based buffer overflow in the _assemble_line function in modules/ ...
CVE-2010-4708The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...
CVE-2010-4707The check_acl function in pam_xauth.c in the pam_xauth module in Linux ...
CVE-2010-4706The pam_sm_close_session function in pam_xauth.c in the pam_xauth modu ...
CVE-2010-3853pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) bef ...
CVE-2010-3435The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...
CVE-2010-3431The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...
CVE-2010-3430The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...
CVE-2010-3316The run_coprocess function in pam_xauth.c in the pam_xauth module in L ...
CVE-2010-0832pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1 ...
CVE-2009-3232pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GN ...
CVE-2009-0887Integer signedness error in the _pam_StrTok function in libpam/pam_mis ...
CVE-2009-0579Linux-PAM before 1.0.4 does not enforce the minimum password age (MIND ...
CVE-2007-0003pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers t ...
CVE-2005-2977The SELinux version of PAM before 0.78 r3 allows local users to perfor ...
CVE-2003-0388pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use ...
CVE-2002-1227PAM 0.76 treats a disabled password as if it were an empty (null) pass ...

Security announcements

DSA / DLADescription
DSA-2326-1pam - several
DSA-177pam - serious security violation
Search for package or bug name: Reporting problems