[Buildroot] [PATCH 1/1] package/linux-pam: security bump to version 1.5.1
Fabrice Fontaine
fontaine.fabrice at gmail.com
Thu Nov 26 16:49:42 UTC 2020
On Thu, Nov 26, 2020 at 17:06, Peter Korsgaard <peter at korsgaard.com> wrote:
>
> >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
>
> > Fix CVE-2020-27780 - authentication bypass when a user doesn't exist and
> > root password is blank
>
> > https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1
>
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> > ---
> > package/linux-pam/linux-pam.hash | 4 ++--
> > package/linux-pam/linux-pam.mk | 2 +-
> > 2 files changed, 3 insertions(+), 3 deletions(-)
>
> > diff --git a/package/linux-pam/linux-pam.hash b/package/linux-pam/linux-pam.hash
> > index 15e67a5e4c..10cd7be9c4 100644
> > --- a/package/linux-pam/linux-pam.hash
> > +++ b/package/linux-pam/linux-pam.hash
> > @@ -1,6 +1,6 @@
> > # Locally computed hashes after checking signature at
> > -# https://github.com/linux-pam/linux-pam/releases/download/v1.5.0/Linux-PAM-1.5.0.tar.xz.asc
> > +# https://github.com/linux-pam/linux-pam/releases/download/v1.5.1/Linux-PAM-1.5.1.tar.xz.asc
> > # signed with the key 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB
> > -sha256 02d39854b508fae9dc713f7733bbcdadbe17b50de965aedddd65bcb6cc7852c8 Linux-PAM-1.5.0.tar.xz
> > +sha256 201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc Linux-PAM-1.5.1.tar.xz
> > # Locally computed
> > sha256 133d98e7a2ab3ffd330b4debb0bfc10fea21e4b2b5a5b09de2e924293be5ff08 Copyright
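Review bot: the "# signed with the key 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB" comment and the Copyright hash are carried over as unchanged context, while only the .asc URL and the tarball sha256 move to 1.5.1. Please confirm that the 1.5.1 .asc was actually verified against that same key before the new sha256 was computed, and that the Copyright file is byte-identical in 1.5.1, so the two unchanged lines still describe what was checked.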
> > diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
> > index 176830c1d3..61d9542c02 100644
> > --- a/package/linux-pam/linux-pam.mk
> > +++ b/package/linux-pam/linux-pam.mk
> > @@ -4,7 +4,7 @@
> > #
> > ################################################################################
>
> > -LINUX_PAM_VERSION = 1.5.0
> > +LINUX_PAM_VERSION = 1.5.1
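Review bot: the removed line "LINUX_PAM_VERSION = 1.5.0" makes this hunk, like the 1.5.0 lines removed from linux-pam.hash, depend on an earlier bump to 1.5.0, so it cannot apply to a tree whose linux-pam.mk carries any other version. Either rebase onto the version actually in the tree or name the prerequisite patch below the "---" line, and have the commit message say which linux-pam versions CVE-2020-27780 affects so it is clear which branches need the bump.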
>
> Ehh, we only have 1.4.0 in master and next?
Indeed, the patch to bump linux-pam to version 1.5.0 was not applied
yet, I'll send a v2.
>
> It would be good to notice that this security issue only exists in pam
> 1.5.0.
>
> --
> Bye, Peter Korsgaard
Best Regards,
Fabrice