[El-errata] ELSA-2010-0891 Moderate: Oracle Linux 6 pam security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Feb 16 13:01:53 PST 2011


Oracle Linux Security Advisory ELSA-2010-0891

https://rhn.redhat.com/errata/RHSA-2010-0891.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm

x86_64:
pam-1.1.1-4.el6_0.1.i686.rpm
pam-1.1.1-4.el6_0.1.x86_64.rpm
pam-devel-1.1.1-4.el6_0.1.i686.rpm
pam-devel-1.1.1-4.el6_0.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/el6/SRPMS-updates/pam-1.1.1-4.el6_0.1.src.rpm


Description of changes:

[1.1.1-4.1]
- fix insecure dropping of priviledges in pam_xauth, pam_env,
  and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335)
- fix insecure executing of scripts with user supplied environment
  variables in pam_namespace - CVE-2010-3853 (#643043)





More information about the El-errata mailing list