CVE-2018-17953

Description

A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).

Read the notes from the security team

• How can I get the fixes?
• What do statuses mean?

Notes

Severity score breakdown

CVSS version: CVSS v3.0

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• https://bugzilla.novell.com/show_bug.cgi?id=1115640
• https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch
• https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch
• https://www.cve.org/CVERecord?id=CVE-2018-17953