[Buildroot] [PATCH 1/1] package/linux-pam: security bump to version 1.5.1

Fabrice Fontaine fontaine.fabrice at gmail.com
Thu Nov 26 19:29:50 UTC 2020


Fix CVE-2020-27780 - authentication bypass when a user doesn't exist and
root password is blank

https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 package/linux-pam/linux-pam.hash | 4 ++--
 package/linux-pam/linux-pam.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/linux-pam/linux-pam.hash b/package/linux-pam/linux-pam.hash
index 15e67a5e4c..10cd7be9c4 100644
--- a/package/linux-pam/linux-pam.hash
+++ b/package/linux-pam/linux-pam.hash
@@ -1,6 +1,6 @@
 # Locally computed hashes after checking signature at
-# https://github.com/linux-pam/linux-pam/releases/download/v1.5.0/Linux-PAM-1.5.0.tar.xz.asc
+# https://github.com/linux-pam/linux-pam/releases/download/v1.5.1/Linux-PAM-1.5.1.tar.xz.asc
 # signed with the key 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB
-sha256  02d39854b508fae9dc713f7733bbcdadbe17b50de965aedddd65bcb6cc7852c8  Linux-PAM-1.5.0.tar.xz
+sha256  201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc  Linux-PAM-1.5.1.tar.xz
 # Locally computed
 sha256  133d98e7a2ab3ffd330b4debb0bfc10fea21e4b2b5a5b09de2e924293be5ff08  Copyright
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 176830c1d3..61d9542c02 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LINUX_PAM_VERSION = 1.5.0
+LINUX_PAM_VERSION = 1.5.1
 LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.xz
 LINUX_PAM_SITE = https://github.com/linux-pam/linux-pam/releases/download/v$(LINUX_PAM_VERSION)
 LINUX_PAM_INSTALL_STAGING = YES
-- 
2.29.2




More information about the buildroot mailing list