TPS-2020-001 CVE-2020-27678 - libpam


A critical vulnerability was found in the illumos Pluggable Authentication Module library due to insufficient bounds checking. This issue affects all illumos distributions using illumos PAM.

Actions taken by Joyent

The illumos community has fixed the issue, which has been merged into Joyent’s fork of illumos. Release platform images dated 20201022 or later are available that resolve this issue.

Actions You Need to Take

It is recommended for all users to reboot all Triton and SmartOS compute nodes to a platform image that contains the fix.

For Triton compute nodes, an image is available via sdcadm in the release channel. See the Triton Maintenance and Upgrades documentation for more information. Use platform image 20201022T155042Z or later.

For non-Triton SmartOS, boot to a fixed platform image See the Downloading SmartOS documentation for more information. Images including the fix can be found here.


If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

As noted above, if you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.