Oval Definition:	oval:org.opensuse.security:def:80103
Revision Date: 2014-04-11 Version: 1 Title: Security update for pam Description: This update changes the broken default behavior of pam_pwhistory to not enforce checks when the root user requests password changes. In order to enforce pwhistory checks on the root user, the 'enforce_for_root' parameter needs to be set for the pam_pwhistory.so module. This pam update fixes the following security and non-security issues: * bnc#870433: Fixed pam_timestamp path injection problem (CVE-2014-2583) * bnc#848417: Fixed pam_pwhistory root password enforcement when resetting non-root user's password Security Issue references: * CVE-2014-2583 Family: unix Class: patch Status: Reference(s): 848417 870433 CVE-2014-2583 Platform(s): SUSE Linux Enterprise Desktop 11 SP3 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information pam-1.1.5-0.12.1 is installed OR pam-32bit-1.1.5-0.12.1 is installed OR pam-doc-1.1.5-0.12.1 is installed
BACK