Format: 1.8
Date: Sun, 03 Aug 2025 11:06:11 +0200
Source: pam
Architecture: source
Version: 1.4.0-9+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1061097 1107919
Changes:
 pam (1.4.0-9+deb11u2) bullseye-security; urgency=medium
 .
   * Non Maintainer Upload by LTS team
   * Backport autopkgtest from bookworm
   * Fix CVE-2024-22365 (Closes: #1061097)
     A denial of service (blocked login process) was found via mkfifo
     because the openat call (for protect_dir) lacks O_DIRECTORY.
   * Fix CVE-2025-6020 (Closes: #1107919)
     The module pam_namespace may access user-controlled paths
     without proper protection, allowing local users to elevate
     their privileges to root via multiple symlink attacks and
     race conditions.