Various fixes

- pam_unix: sync expiry checks with shadow - pam.conf: remove tallylog - pam_namespace: fix potential privilege escalation Resolves: RHEL-70519 Resolves: RHEL-95475 Resolves: RHEL-96955 Resolves: RHEL-96973 Resolves: RHEL-15324 Resolves: CVE-2025-6020 Resolves: RHEL-96727 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2025-08-05 16:26:01 +02:00 · 2025-08-05 16:26:01 +02:00 · 698b53ee1c
commit 698b53ee1c
parent 57379e6564
2 changed files with 1351 additions and 2 deletions
--- a/pam-1.5.1-pam-namespace-rebase.patch
+++ b/pam-1.5.1-pam-namespace-rebase.patch
--- a/pam.spec
+++ b/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.5.1
-Release: 26%{?dist}
+Release: 27%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -447,7 +447,7 @@ done
 %doc doc/sag/*.txt doc/sag/html

 %changelog
-* Tue Jun 24 2025 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-26
+* Tue Aug  5 2025 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-27
 - pam_unix: sync expiry checks with shadow.
  Resolves: RHEL-70519, RHEL-95475, RHEL-96955 and RHEL-96973
 - pam.conf: remove tallylog. Resolves: RHEL-15324