Register | Log in

pam-pkcs11

Fully featured PAM module for using PKCS#11 smart cards

Choose email to subscribe with

general

source: pam-pkcs11 (main)
version: 0.6.13-1
maintainer: Ludovic Rousseau (DMD)
arch: any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.6.9-3
oldstable: 0.6.11-4
old-sec: 0.6.11-4+deb11u1
stable: 0.6.12-1
stable-sec: 0.6.12-1+deb12u1
stable-p-u: 0.6.12-1+deb12u1
testing: 0.6.13-1
unstable: 0.6.13-1

versioned links

0.6.9-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.11-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.11-4+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.12-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.12-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.13-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpam-pkcs11 (1 bugs: 0, 1, 0, 0)

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-24031: PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.

Created: 2025-02-07 Last update: 2025-02-27 05:02

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-24031: PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.

Created: 2025-02-10 Last update: 2025-02-27 05:02

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-03-01 Last update: 2025-02-09 09:01

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-24031: (postponed; to be fixed through a stable update) PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-02-07 Last update: 2025-02-27 05:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:24

news

[2025-02-18] Accepted pam-pkcs11 0.6.11-4+deb11u1 (source) into oldstable-security (Emilio Pozuelo Monfort)
[2025-02-16] Accepted pam-pkcs11 0.6.12-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-02-14] pam-pkcs11 0.6.13-1 MIGRATED to testing (Debian testing watch)
[2025-02-12] Accepted pam-pkcs11 0.6.12-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-02-08] Accepted pam-pkcs11 0.6.13-1 (source) into unstable (Ludovic Rousseau)
[2024-02-06] pam-pkcs11 0.6.12-2 MIGRATED to testing (Debian testing watch)
[2024-01-31] Accepted pam-pkcs11 0.6.12-2 (source) into unstable (Ludovic Rousseau)
[2023-02-10] pam-pkcs11 0.6.12-1 MIGRATED to testing (Debian testing watch)
[2023-02-04] Accepted pam-pkcs11 0.6.12-1 (source) into unstable (Ludovic Rousseau)
[2021-01-24] pam-pkcs11 0.6.11-4 MIGRATED to testing (Debian testing watch)
[2021-01-18] Accepted pam-pkcs11 0.6.11-4 (source) into unstable (Ludovic Rousseau)
[2020-10-26] pam-pkcs11 0.6.11-3 MIGRATED to testing (Debian testing watch)
[2020-10-15] Accepted pam-pkcs11 0.6.11-3 (source) into unstable (Ludovic Rousseau)
[2019-08-10] pam-pkcs11 0.6.11-2 MIGRATED to testing (Debian testing watch)
[2019-08-04] Accepted pam-pkcs11 0.6.11-2 (source) into unstable (Ludovic Rousseau)
[2019-05-22] Accepted pam-pkcs11 0.6.11-1 (source amd64) into unstable (Ludovic Rousseau)
[2018-03-31] pam-pkcs11 0.6.9-3 MIGRATED to testing (Debian testing watch)
[2018-03-25] Accepted pam-pkcs11 0.6.9-3 (source amd64) into unstable (Ludovic Rousseau)
[2017-12-24] pam-pkcs11 0.6.9-2 MIGRATED to testing (Debian testing watch)
[2017-12-18] Accepted pam-pkcs11 0.6.9-2 (source amd64) into unstable (Ludovic Rousseau)
[2016-10-04] pam-pkcs11 0.6.9-1 MIGRATED to testing (Debian testing watch)
[2016-09-28] Accepted pam-pkcs11 0.6.9-1 (source amd64) into unstable (Ludovic Rousseau)
[2014-02-21] pam-pkcs11 0.6.8-4 MIGRATED to testing (Debian testing watch)
[2014-02-15] Accepted pam-pkcs11 0.6.8-4 (source amd64) (Ludovic Rousseau)
[2014-02-13] pam-pkcs11 0.6.8-3 MIGRATED to testing (Debian testing watch)
[2014-02-02] Accepted pam-pkcs11 0.6.8-3 (source amd64) (Ludovic Rousseau)
[2013-05-05] pam-pkcs11 0.6.8-2 MIGRATED to testing (Debian testing watch)
[2013-01-12] Accepted pam-pkcs11 0.6.8-2 (source amd64) (Ludovic Rousseau)
[2012-04-18] pam-pkcs11 0.6.8-1 MIGRATED to testing (Debian testing watch)
[2012-04-07] Accepted pam-pkcs11 0.6.8-1 (source amd64) (Ludovic Rousseau)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 39)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.6.13-1
4 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing