Information on source package pam

Available versions

ReleaseVersion
jessie1.1.8-3.1+deb8u2
stretch1.1.8-3.6
buster1.3.1-5
bullseye1.4.0-9+deb11u1
bookworm1.5.2-6+deb12u1
trixie1.5.3-7
sid1.5.3-7

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-22365vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...
CVE-2024-10963vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA flaw was found in pam_access, where certain rules in its configurati ...
CVE-2024-10041vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerablevulnerableA vulnerability was found in PAM. The secret information is stored in ...

Resolved issues

BugDescription
CVE-2022-28321The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows ...
CVE-2020-36394pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...
CVE-2020-27780A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it ...
CVE-2018-17953A incorrect variable in a SUSE specific patch for pam_access rule matc ...
CVE-2015-3238The _unix_run_helper_binary function in the pam_unix module in Linux-P ...
CVE-2014-2583Multiple directory traversal vulnerabilities in pam_timestamp.c in the ...
CVE-2013-7041The pam_userdb module for Pam uses a case-insensitive method to compar ...
CVE-2011-3628Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...
CVE-2011-3149The _expand_arg function in the pam_env module (modules/pam_env/pam_en ...
CVE-2011-3148Stack-based buffer overflow in the _assemble_line function in modules/ ...
CVE-2010-4708The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...
CVE-2010-4707The check_acl function in pam_xauth.c in the pam_xauth module in Linux ...
CVE-2010-4706The pam_sm_close_session function in pam_xauth.c in the pam_xauth modu ...
CVE-2010-3853pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) bef ...
CVE-2010-3435The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...
CVE-2010-3431The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...
CVE-2010-3430The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...
CVE-2010-3316The run_coprocess function in pam_xauth.c in the pam_xauth module in L ...
CVE-2010-0832pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1 ...
CVE-2009-3232pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GN ...
CVE-2009-0887Integer signedness error in the _pam_StrTok function in libpam/pam_mis ...
CVE-2009-0579Linux-PAM before 1.0.4 does not enforce the minimum password age (MIND ...
CVE-2007-0003pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers t ...
CVE-2005-2977The SELinux version of PAM before 0.78 r3 allows local users to perfor ...
CVE-2003-0388pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use ...
CVE-2002-1227PAM 0.76 treats a disabled password as if it were an empty (null) pass ...

Security announcements

DSA / DLADescription
DSA-2326-1pam - several
DSA-177pam - serious security violation

Search for package or bug name: Reporting problems