USN-6588-2: PAM vulnerability
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 18.04
- Cflinuxfs3
Description
USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6588-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-cracklib - 1.1.8-3.2ubuntu2.3+esm5 libpam-doc - 1.1.8-3.2ubuntu2.3+esm5 libpam-modules - 1.1.8-3.2ubuntu2.3+esm5 libpam-modules-bin - 1.1.8-3.2ubuntu2.3+esm5 libpam-runtime - 1.1.8-3.2ubuntu2.3+esm5 libpam0g - 1.1.8-3.2ubuntu2.3+esm5 libpam0g-dev - 1.1.8-3.2ubuntu2.3+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.
Fixed VMware Products and Versions
- Operations Manager Image
- 2.10.72 or greater
- Platform Automation Toolkit
- 4.432 or greater
- 5.0.25 or greater
- 5.1.2 or greater
- Tanzu Greenplum for Kubernetes
- 2.0.0 or greater
- Xenial Stemcells
- 621.924 or greater
- CF Deployment
- 30.0.0 or greater
- Operations Manager
- 2.10.72 or greater
References
https://ubuntu.com/security/notices/USN-6588-2
https://www.cloudfoundry.org/blog/usn-6588-2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6588-2
History
2024-03-26: Initial vulnerability report published.