Wednesday, June 18, 2025

[USN-7580-1] PAM vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhTAm4FAwAAAAAACgkQZWnYVadEvpNN
+Q//WbTJ6L5NaDh/VjAxKl5mgeN1BOsY+sQ+qmjYIqDLiC7pov2A8yHLmfUb8Yndbh3lG3cYJlQ0
/wEh0q8r4+WJfjC2R9CPhcK/nHwAugl6nk7zxUHgws6vvSneuEx6XkbPECR6GV8CuS0/bbLO51p6
+YINPJaWCNpf1VQIW/iifFupV17tBzOFgU5zroq2XbK2YpQV81c8sM+ZFuKhOxYBTlkmXwOBaMhs
B3auP3bdY2XiOElAmidO7d1Ih/ut5/x8ICjZJClNI0y4kcy5MluHLbsag17r8U3GP9RWObG0IBAG
ETEqt0pvX4DdSN4CIDXVHaJUKK1tVPSm66p5OeoK872fOJkuqgIOpEppEpjc0oqv0H1IrA4Jv0Fq
MA2HbYUy3I593obLaQDlaOOw/onuSBFTF2s4YnZuCH8kbbjHtm4/Q6D/52/3Eikz4zCCZsZe16JT
zCf0ua+ev0NGuJm2qgrZ5vxZBT7oPbGlXvKGGuJjG0O9GCpsbI7aMgk4SRRk+Dr4u8HrFzWV1ydH
uetwRRMNpe1KOJaJXKITvHvVEcYyrbDrMOWudaKOreoRte8Lz96j9HWTAEZyhMXdzrgldv/nN2kW
jcMYJh4thI1sXIMhfw+PBdMxZESMMzdq+pql9yHEkSlRvJ+8JEwxVQrV8burBAiwJ9/yEjKpATNf
YSo=
=wqtt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7580-1
June 18, 2025

pam vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

PAM could be made to run programs as an administrator.

Software Description:
- pam: Pluggable Authentication Modules

Details:

Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly
handled user-controlled paths. In environments where pam_namespace is used,
a local attacker could possibly use this issue to escalate their privileges
to root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libpam-modules 1.5.3-7ubuntu4.3

Ubuntu 24.10
libpam-modules 1.5.3-7ubuntu2.3

Ubuntu 24.04 LTS
libpam-modules 1.5.3-5ubuntu5.4

Ubuntu 22.04 LTS
libpam-modules 1.4.0-11ubuntu2.6

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7580-1
CVE-2025-6020

Package Information:
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu2.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.4
https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.6

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)