From ad164ea74b78ed798273f8c48319c9886b84fc9a Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 11 Mar 2014 10:09:42 +0100
Subject: [PATCH] fix CVE-2013-7041: use case sensitive comparison in pam_userdb

---
 pam.spec | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pam.spec b/pam.spec
index 1ab40ea..5246fe7 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.8
-Release: 7%{?dist}
+Release: 8%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -45,6 +45,7 @@ Patch31: pam-1.1.6-use-links.patch
 Patch32: pam-1.1.7-tty-audit-init.patch
 Patch33: pam-1.1.8-translation-updates.patch
 Patch34: pam-1.1.8-canonicalize-username.patch
+Patch35: pam-1.1.8-cve-2013-7041.patch
 
 %define _pamlibdir %{_libdir}
 %define _moduledir %{_libdir}/security
@@ -123,6 +124,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch32 -p1 -b .tty-audit-init
 %patch33 -p2 -b .translations
 %patch34 -p1 -b .canonicalize
+%patch35 -p1 -b .case
 
 %build
 autoreconf -i
@@ -371,6 +373,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Tue Mar 11 2014 Tomáš Mráz 1.1.8-8
+- fix CVE-2013-7041: use case sensitive comparison in pam_userdb
+
 * Mon Mar 10 2014 Tomáš Mráz 1.1.8-7
 - rename the 90-nproc.conf to 20-nproc.conf (#1071618)
 - canonicalize user name in pam_selinux (#1071010)
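Review bot: `Patch35: pam-1.1.8-cve-2013-7041.patch` in the second hunk names a file that this commit does not add; the diffstat lists only pam.spec. Unless that patch file is already tracked in the repository, `%patch35 -p1 -b .case` in the %prep hunk will fail at build time. It also means the pam_userdb comparison change itself cannot be reviewed from this commit. Committing the patch file together with the spec change would keep the CVE fix auditable as one unit. As a smaller point, the backup suffix `.case` is less descriptive than its neighbours; something like `-b .userdb-case` would make leftover backup files easier to attribute.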