Description
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 14 | | | - |
debian 11 | | =1.4.0-10 || =1.4.0-11 || =1.4.0-12 || =1.4.0-13 || =1.4.0-9 || =1.4.0-9+deb11u1 || =1.4.0-9+deb11u2 || =1.5.2-1 || =1.5.2-2 || =1.5.2-3 || =1.5.2-4 || =1.5.2-5 || =1.5.2-6 || =1.5.2-7 || =1.5.2-8 || =1.5.2-9 || =1.5.2-9.1 || =1.5.3-1 || =1.5.3-2 || =1.5.3-3 || =1.5.3-4 || =1.5.3-5 || =1.5.3-6 || =1.5.3-6+hurd.1 || =1.5.3-7 || =1.7.0-1 || =1.7.0-2 || =1.7.0-2+hurd.1 || =1.7.0-3 || =1.7.0-4 || =1.7.0-5 | - |
debian 12 | | =1.5.2-6 || =1.5.2-6+deb12u1 || =1.5.2-6+deb12u2 || =1.5.2-7 || =1.5.2-8 || =1.5.2-9 || =1.5.2-9.1 || =1.5.3-1 || =1.5.3-2 || =1.5.3-3 || =1.5.3-4 || =1.5.3-5 || =1.5.3-6 || =1.5.3-6+hurd.1 || =1.5.3-7 || =1.7.0-1 || =1.7.0-2 || =1.7.0-2+hurd.1 || =1.7.0-3 || =1.7.0-4 || =1.7.0-5 | - |
debian 13 | | | - |
 rpm rhel7 | | - | - |
rpm rhel8 | | | 0:1.3.1-38.el8_10 |
rpm rhel8.4 | | | 0:1.3.1-14.el8_4.2 |
rpm rhel9 | | | 0:1.5.1-26.el9_6 |
rpm rhel9.4 | | | 0:1.5.1-24.el9_4.1 |
