• Bug#1107919: pam: CVE-2025-6020: pam_namespace: potential privilege esc

    From Salvatore Bonaccorso@21:1/5 to All on Tue Jun 17 12:40:01 2025
    Source: pam
    Version: 1.7.0-3
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
    Control: found -1 1.5.2-6+deb12u1
    Control: found -1 1.5.2-6

    Hi,

    The following vulnerability was published for pam.

    CVE-2025-6020[0]:
    | pam_namespace: potential privilege escalation


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-6020
    https://www.cve.org/CVERecord?id=CVE-2025-6020
    [1] https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
    [2] https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e
    https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1
    https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773

    Please adjust the affected versions in the BTS as needed.

    I would say to focus first on unstable -> trixie then we can have a
    further look at bookworm.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Tue Jun 17 12:40:01 2025
    Processing control commands:

    found -1 1.5.2-6+deb12u1
    Bug #1107919 [src:pam] pam: CVE-2025-6020: pam_namespace: potential privilege escalation
    Marked as found in versions pam/1.5.2-6+deb12u1.
    found -1 1.5.2-6
    Bug #1107919 [src:pam] pam: CVE-2025-6020: pam_namespace: potential privilege escalation
    Marked as found in versions pam/1.5.2-6.

    --
    1107919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Thu Jun 26 20:10:01 2025
    Your message dated Thu, 26 Jun 2025 18:04:24 +0000
    with message-id <E1uUqxU-002soK-Qy@fasolo.debian.org>
    and subject line Bug#1107919: fixed in pam 1.7.0-4
    has caused the Debian Bug report #1107919,
    regarding pam: CVE-2025-6020: pam_namespace: potential privilege escalation
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1107919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Sun Jun 29 20:10:01 2025
    Your message dated Sun, 29 Jun 2025 18:04:28 +0000
    with message-id <E1uVwOC-00HVck-1N@fasolo.debian.org>
    and subject line Bug#1107919: fixed in pam 1.7.0-5
    has caused the Debian Bug report #1107919,
    regarding pam: CVE-2025-6020: pam_namespace: potential privilege escalation
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1107919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
