TPS-2020-001 CVE-2020-27678 - libpam

Overview

A critical vulnerability was found in the illumos Pluggable Authentication Module library due to insufficient bounds checking. This issue affects all illumos distributions using illumos PAM.

Actions taken by Joyent

The illumos community has fixed the issue, and the fix has been merged into Joyent’s fork of illumos. Release platform images dated 20201022 or later resolve this issue.

Actions You Need to Take

It is recommended that all users reboot all Triton and SmartOS compute nodes to a platform image that contains the fix.

For Triton compute nodes, an image is available via sdcadm in the release channel. See the Triton Maintenance and Upgrades documentation for more information. Use platform image 20201022T155042Z or later.

For non-Triton SmartOS, boot to a fixed platform image. See the Downloading SmartOS documentation for more information. Images including the fix can be found here.
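
The following check is an added example and is not part of the original advisory or Joyent's tooling. It compares platform image stamps against 20201022T155042Z and lists hosts that still need a reboot. It assumes stamps in the `joyent_<timestamp>` form that `uname -v` reports on SmartOS; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Fixed platform image named in the advisory.
FIXED_PI="20201022T155042Z"

# Turn "joyent_20201022T155042Z" or "20201022T155042Z" into the 14-digit
# number 20201022155042. Returns 1 (printing nothing) if the stamp is malformed.
pi_to_number() {
    pi_s=${1#joyent_}
    case "$pi_s" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z) ;;
        *) return 1 ;;
    esac
    pi_s=${pi_s%Z}
    printf '%s%s\n' "${pi_s%T*}" "${pi_s#*T}"
}

# Exit status: 0 = at or after the fixed image, 1 = older, 2 = unparseable.
pi_is_fixed() {
    pi_have=$(pi_to_number "$1") || return 2
    pi_want=$(pi_to_number "${2:-$FIXED_PI}") || return 2
    [ "$pi_have" -ge "$pi_want" ]
}

# Read "hostname stamp" lines on stdin and print every host that is not
# confirmed to run a fixed image. Returns 1 if any host was flagged.
audit_hosts() {
    flagged=0
    while read -r host stamp; do
        [ -n "$host" ] || continue
        rc=0
        pi_is_fixed "$stamp" || rc=$?
        case "$rc" in
            0) ;;
            1) echo "$host: $stamp predates $FIXED_PI, reboot needed"; flagged=1 ;;
            *) echo "$host: unrecognized platform stamp '$stamp'"; flagged=1 ;;
        esac
    done
    return "$flagged"
}

# Constructed sample inventory: hostname and that host's `uname -v` output.
audit_hosts <<'EOF' || echo "at least one host still needs a fixed platform image"
cn01 joyent_20201022T155042Z
cn02 joyent_20200924T003228Z
cn03 joyent_20201105T010334Z
cn04 unknown
EOF
```

An unparseable stamp is reported rather than skipped, so a host with unexpected `uname -v` output is not silently treated as fixed.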

Support

If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

As noted above, if you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.
