Synopsis:          Moderate: pam security update
Advisory ID:       SLSA-2015:1640-1
Issue Date:        2015-08-18
CVE Numbers:       CVE-2015-3238
--

It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large
passwords to the unix_pam module could use this flaw to enumerate valid
user accounts, or cause a denial of service on the system. (CVE-2015-3238)
--

SL6
  x86_64
    pam-1.1.1-20.el6_7.1.i686.rpm
    pam-1.1.1-20.el6_7.1.x86_64.rpm
    pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
    pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
    pam-devel-1.1.1-20.el6_7.1.i686.rpm
    pam-devel-1.1.1-20.el6_7.1.x86_64.rpm
  i386
    pam-1.1.1-20.el6_7.1.i686.rpm
    pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
    pam-devel-1.1.1-20.el6_7.1.i686.rpm
SL7
  x86_64
    pam-1.1.8-12.el7_1.1.i686.rpm
    pam-1.1.8-12.el7_1.1.x86_64.rpm
    pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
    pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
    pam-devel-1.1.8-12.el7_1.1.i686.rpm
    pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

- Scientific Linux Development Team