[USN-7363-1] PAM-PKCS#11 vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmfca9AFAwAAAAAACgkQa1+PL+d1/Ej1
YAv/SgrsVDb/VHI6Y5wFgmV+W76HdJG7v2atYn6wBxqt+qyfiU3YxlRFx+OGPNVnvf5IPedIHXS7
gW/cy9DwLw3KIhcAWboS0Pxqjx/rQ/b0TBL6a5BLbTQrJkDR/Zy4xAtSgBsE2zYFLsM7xpmqK5s0
bCwRdTfGe0s0B8og5ggS7lPYc/9IIeMwt1OIqbOBFhsANxPLP/snw3/e2OIQ+8+a5GjgQ05c/X7q
6NV1ydhNOaXH944D4VUcMTGsjin8C8JnwrO96m3k7fnKTAPb6pZHEb5cTmzAGY7pkhTZiE0IIiOk
4/SnRhf4sIsffy87Tupl6ygOjR2pSPWRojVshQqGqvJy6iHtB0al6+RViBqLXwv73+rAM2JnYXdG
tlgy3LNatz+JiDJ6ZsRyqI5f2JV1L1/YcvTAuVct/VDptvqTbws7erYPPFDvRCpXWagIVCBlh3T1
sI0tHdVEGCF2zbTkWgEx8kTJZayxg9hsJzeZEmnsjQ5g0n7Ry4hzrzccMkIz
=VK3L
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7363-1
March 20, 2025

pam-pkcs11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

PAM-PKCS#11 could be used to bypass authentication.

Software Description:
- pam-pkcs11: Fully featured PAM module for using PKCS#11 smart cards

Details:

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)

It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libpam-pkcs11                   0.6.12-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
  libpam-pkcs11                   0.6.12-2ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libpam-pkcs11                   0.6.11-4ubuntu0.1

Ubuntu 20.04 LTS
  libpam-pkcs11                   0.6.11-2ubuntu0.1

Ubuntu 18.04 LTS
  libpam-pkcs11                   0.6.9-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libpam-pkcs11                   0.6.8-4ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7363-1
  CVE-2025-24032, CVE-2025-24531

Package Information:
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.12-2ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.12-2ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.11-4ubuntu0.1
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.11-2ubuntu0.1