Home / mailings [SECURITY] [DSA 5864-1] pam-pkcs11 security update
Posted on 12 February 2025
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-5864-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 12, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pam-pkcs11
CVE ID : CVE-2025-24032 CVE-2025-24531
Debian Bug : 1095402
Two vulnerabilities were discovered in pam-pkcs11, a PAM module which
allows to use PKCS#11 based smart cards in the PAM authentication stack,
which may allow to bypass the authentication in some scenarios.
For the stable distribution (bookworm), these problems have been fixed in
version 0.6.12-1+deb12u1.
We recommend that you upgrade your pam-pkcs11 packages.
For the detailed security status of pam-pkcs11 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/pam-pkcs11
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
