CVE-2024-10041:

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Note: If SELinux is set to Enforcing mode then this vulnerability is mitigated.

There isn't a fixed version mentioned in the RHSA nor the bugzilla report, so setting whiteboard to upstream/ebuild for now. Upstream did release 1.7.0 today, however, so it might be fixed in that?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb07a754c3ef70e7165adb2e0800050d95dc10ee

commit eb07a754c3ef70e7165adb2e0800050d95dc10ee
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-08 04:15:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-08 04:55:44 +0000

    sys-libs/pam: add 1.7.0_p20241230

    * Switch to Meson
    * Wire up elogind+logind support (bug #931115) as it's now available upstream
    * Docs are hard-disabled for now, but that's sort of fine (enough) for now
      given that we had bug #913087 for the previous ebuild
    * Using a snapshot as there's a few build system patches post-tag and
      some other generally noteworthy patches we'd have to pull in manually
      otherwise
    * Wire up verify-sig for the next release (but not used for this ebuild
      as took a snapshot)

    Bug: https://bugs.gentoo.org/913087
    Bug: https://bugs.gentoo.org/942075
    Closes: https://bugs.gentoo.org/929970
    Closes: https://bugs.gentoo.org/925334
    Closes: https://bugs.gentoo.org/931115
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/pam/Manifest                   |   1 +
 sys-libs/pam/pam-1.7.0_p20241230.ebuild | 165 ++++++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)