Bug 14405

Summary:	[CVE 21] pam 1.5.1 CVE found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Arsenii <a.konovalov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	a.proklov, e.malashin, s.matveev, v.potapov
Version:	All	Flags:	v.potapov: qa_verified+ a.konovalov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
URL:	CVE-2024-22365
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Arsenii 2024-04-09 16:54:02 MSK

Comment 1 Arsenii 2024-04-09 17:03:46 MSK

https://nvd.nist.gov/vuln/detail/CVE-2024-22365 MEDIUM

Comment 2 Svyatoslav Matveev 2024-04-10 11:41:27 MSK

********** QA ADVISORY **********

Уязвимость закрыта патчем.

Ссылка на коммит исправления:
https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb

*** pam
**  1.5.1 release +1


https://abf.io/build_lists/5016902 (x86_64)
https://abf.io/build_lists/5016903
https://abf.io/build_lists/5016904
https://abf.io/build_lists/5016905
https://abf.io/build_lists/5016906

Comment 3 e.malashin@rosalinux.ru 2024-04-11 19:11:23 MSK

The update sent to testings

Comment 4 Vladimir Potapov 2024-04-17 16:29:14 MSK

для medium CVE не надо ставить "красный" статус.

Comment 5 Vladimir Potapov 2024-04-24 16:31:32 MSK

pam-1.5.1-5
https://abf.io/build_lists/5016902 (x86_64)
https://abf.io/build_lists/5016903
https://abf.io/build_lists/5016904
https://abf.io/build_lists/5016905
https://abf.io/build_lists/5016906
******************************* Advisory *************************
CVE fixed by patch
******************************************************************
QA Verified