安全公告详情

NS-SA-2025-0252

2025-10-23 19:59:52

简介

important: pam security update

严重级别

important

主题

An update for pam is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

pam:


Security Fix(es):
pam: A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.(CVE-2025-6020)
pam: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.04B7.

影响组件

  • pam

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["pam-libs-core-1.5.3-1.zncgsl7.23.x86_64.rpm","pam-core-1.5.3-1.zncgsl7.23.x86_64.rpm","pam-libs-1.5.3-1.zncgsl7.23.x86_64.rpm","pam-1.5.3-1.zncgsl7.23.x86_64.rpm","pam-devel-1.5.3-1.zncgsl7.23.x86_64.rpm","pam-doc-1.5.3-1.zncgsl7.23.noarch.rpm"],"source":"pam-1.5.3-1.zncgsl7.23.src.rpm"}]}]}

CVE

参考