USN-5825-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-5825-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5825-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5825-2
Related
  • CVE-2022-28321
Published
2023-02-06T03:06:11.181637Z
Modified
2023-02-06T03:06:11.181637Z
Summary
pam regressions
Details

USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication.

References

Affected packages

Ubuntu:Pro:14.04:LTS / pam

Package

Name
pam

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.8-1ubuntu2.2+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libpam-runtime": "1.1.8-1ubuntu2.2+esm3",
            "libpam-modules-bin": "1.1.8-1ubuntu2.2+esm3",
            "libpam-doc": "1.1.8-1ubuntu2.2+esm3",
            "libpam-cracklib": "1.1.8-1ubuntu2.2+esm3",
            "libpam0g-dev": "1.1.8-1ubuntu2.2+esm3",
            "libpam0g": "1.1.8-1ubuntu2.2+esm3",
            "libpam-modules": "1.1.8-1ubuntu2.2+esm3"
        }
    ]
}

Ubuntu:22.04:LTS / pam

Package

Name
pam

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0-11ubuntu2.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libpam-runtime": "1.4.0-11ubuntu2.3",
            "libpam-modules-bin": "1.4.0-11ubuntu2.3",
            "libpam-doc": "1.4.0-11ubuntu2.3",
            "libpam-cracklib": "1.4.0-11ubuntu2.3",
            "libpam0g-dev": "1.4.0-11ubuntu2.3",
            "libpam0g": "1.4.0-11ubuntu2.3",
            "libpam-modules": "1.4.0-11ubuntu2.3"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / pam

Package

Name
pam

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.8-3.2ubuntu2.3+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libpam-runtime": "1.1.8-3.2ubuntu2.3+esm4",
            "libpam-modules-bin": "1.1.8-3.2ubuntu2.3+esm4",
            "libpam-doc": "1.1.8-3.2ubuntu2.3+esm4",
            "libpam-cracklib": "1.1.8-3.2ubuntu2.3+esm4",
            "libpam0g-dev": "1.1.8-3.2ubuntu2.3+esm4",
            "libpam0g": "1.1.8-3.2ubuntu2.3+esm4",
            "libpam-modules": "1.1.8-3.2ubuntu2.3+esm4"
        }
    ]
}

Ubuntu:18.04:LTS / pam

Package

Name
pam

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.8-3.6ubuntu2.18.04.6

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libpam-runtime": "1.1.8-3.6ubuntu2.18.04.6",
            "libpam-modules-bin": "1.1.8-3.6ubuntu2.18.04.6",
            "libpam-doc": "1.1.8-3.6ubuntu2.18.04.6",
            "libpam-cracklib": "1.1.8-3.6ubuntu2.18.04.6",
            "libpam0g-dev": "1.1.8-3.6ubuntu2.18.04.6",
            "libpam0g": "1.1.8-3.6ubuntu2.18.04.6",
            "libpam-modules": "1.1.8-3.6ubuntu2.18.04.6"
        }
    ]
}

Ubuntu:20.04:LTS / pam

Package

Name
pam

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-5ubuntu4.6

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libpam-runtime": "1.3.1-5ubuntu4.6",
            "libpam-modules-bin": "1.3.1-5ubuntu4.6",
            "libpam-doc": "1.3.1-5ubuntu4.6",
            "libpam-cracklib": "1.3.1-5ubuntu4.6",
            "libpam0g-dev": "1.3.1-5ubuntu4.6",
            "libpam0g": "1.3.1-5ubuntu4.6",
            "libpam-modules": "1.3.1-5ubuntu4.6"
        }
    ]
}