This bug was fixed in the package pam - 1.5.3-5ubuntu5.4
---------------
pam (1.5.3-5ubuntu5.4) noble-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches/pam_namespace_170.patch: sync pam_namespace module to
version 1.7.0.
- debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes
from upstream git tree.
- debian/patches/pam_namespace_revert_abi.patch: revert ABI change to
prevent unintended issues in running daemons.
- debian/patches/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches/CVE-2025-6020-2.patch: add flags to indicate path
safety.
- debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at
the group ownership.
- debian/patches/pam_namespace_o_directory.patch: removed, included in
patch cluster above.
- CVE-2025-6020
-- Marc Deslauriers <[email protected]> Thu, 12 Jun 2025
10:45:28 -0400
** Changed in: pam (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-6020
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087827
Title:
Pam includes does not look in /usr/lib/pam.d
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2087827/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
