[USN-7761-1] PAM vulnerability
noreply+usn-bot at canonical.com
noreply+usn-bot at canonical.com
Mon Sep 22 18:58:06 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7761-1
September 22, 2025
pam vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
PAM could allow unintended access to network services.
Software Description:
- pam: Pluggable Authentication Modules
Details:
It was discovered that the PAM pam_access module incorrectly parsed
certain rules as hostnames. An attacker could possibly use this issue to
spoof hostnames and bypass access restrictions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libpam-modules 1.5.3-7ubuntu4.4
Ubuntu 24.04 LTS
libpam-modules 1.5.3-5ubuntu5.5
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7761-1
CVE-2024-10963
Package Information:
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.4
https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250922/2c741479/attachment.sig>
More information about the ubuntu-security-announce
mailing list