CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

libpam: mark CVE-2025-6018 as not applicable

Browse Source 
CVE-2025-6018 is a local privilege escalation in PAM that requires
`user_readenv=1` to be enabled in the PAM configuration. The default
configuration does not enable reading user environment files (user_readenv
is 0 by default). Hence this vulnerability cannot be exploited using the
default configuration.

(From OE-Core rev: 3f2a9ad03326dc87681cf47ed5f73712ebaa624c)

Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Anders Heimer 2025-10-21 15:59:22 +02:00 committed by Steve Sakoman
parent ad597f4a54
commit 251d8b676e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-extended/pam/libpam_1.5.3.bb
View File

@ -39,6 +39,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
CVE_STATUS[CVE-2025-6018] = "not-applicable-config: Default PAM config does not use user_readenv=1"
DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
EXTRA_OECONF = "--includedir=${includedir}/security \