it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5864-1] pam-pkcs11 security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5864-1] pam-pkcs11 security update
Date: Wed, 12 Feb 2025 13:34:21 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1tiCsf-00Ezs0-3D AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=EW6WdqtU3VDwFf/JY8S6e+J4Hfq+sie4n56mVrvDXoM=; b=an 5brq51M7M7z/96cqFFKLGgw9Co+hafinKKzZkNdXRWzQ/Ys2kt40ERKh5kz31ClvBUUwEygyQPtUI q9udhAxpVBx5hUnATzO63QIro9Q0rtdR+N8Ix+XIHApVQmxv1NknxGu4nsVwtdDEuExc7MtazHKcM 6G60wXL46QhITroBH+tTxza8hVjZ7fgDwkxK7mMzmC+Gw5X70s6GBvDU/bTKcyvKksfQe8hyL4DFu vLzL0uUbkDw8j9FRnupCxTkGZmU0GJDVp9lQfRT3epYno8oB8Le6LCaa3HkoIrjkAvFnNaXSzj7md KUqHptf72CUAfHuKHh1uWOXLEwUAfiIQ==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 12 Feb 2025 13:35:09 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <mlK3oV4jLMJ.A.4I0C.NOKrnB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5864-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 12, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pam-pkcs11
CVE ID : CVE-2025-24032 CVE-2025-24531
Debian Bug : 1095402

Two vulnerabilities were discovered in pam-pkcs11, a PAM module which
allows to use PKCS#11 based smart cards in the PAM authentication stack,
which may allow to bypass the authentication in some scenarios.

For the stable distribution (bookworm), these problems have been fixed in
version 0.6.12-1+deb12u1.

We recommend that you upgrade your pam-pkcs11 packages.

For the detailed security status of pam-pkcs11 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/pam-pkcs11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmesomBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SYuw/+JNgevdlSVPmv1MBFT1AuSuZZ3nEdYaYE36QUQsxe2p4gQ/ISwPPF07r8
/RnD3ulvbLwU00FQyMpTV7nSFUofZaJ6RzGE5vBca9vtOVy9zFQ/OaI3fV/uPJgc
6ZCNlQ/9RwBq6fr58x+Te+3gWbP9p+Ps8u+mmwf7y9lB85WXfbUdTpRryWFxLyer
n5AhaWuFcQ/lJugoeO1zf8aRIEnAWSBGk/dLXvM/t52u4NJlRyFtEGlSyYLoRfo3
o/m+rDbOtVY4FMiFv5JqmWLhJgWt0pOBuaL8UrCIjA5a4ClQG8LHg3aSKFm9Hm+b
dOnMG3aVWNlQ2oE1wpX7m0wLY2wBeh435Z7DqmD6nbqNizZCxvgoA5tSTFn6Qd9Q
0bcZzYAmyggmRSWETJBwU0dyozNT6D8cQVqW3Y5LsMlCi61Vqj2EcaWl+IT7C7un
6XllldDiJZ7TXSuwfvO58CsE8KoPrG7Rek2iOScefqSvvkgx2wHrCudoSuf/r6rT
0jmfkf+uvq2VN4qFCXTVOsp3IQNb1XpRxGBOymMRBRJupIlFav7g49ZR0rDnYtlX
ZrFBDgw+QxguOKCmSgSsQ8b19epfM4axbcAuuIXZQuDHfJWy6PY8NZv5npNQkpb4
qEQq8q3pDcRj3d3zDiANO8GSz9JQl645MOinVQvlVQ+/tS8L6qk=
=NEnV
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5864-1] pam-pkcs11 security update, Salvatore Bonaccorso, 12.02.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.