FERRAMENTAS LINUX: Oracle Linux 9 Security Update: Critical PAM Privilege Escalation Fix (CVE-2025-6020)

Thursday, June 26, 2025

Oracle Linux 9 Security Update: Critical PAM Privilege Escalation Fix (CVE-2025-6020)


Oracle Linux 9 critical security update ELSA-2025-9526 fixes PAM privilege escalation (CVE-2025-6020) and memory safety issues. Download patched RPMs for x86_64 & AArch64 to secure your systems now.

Key Security Patch for Oracle Linux 9: ELSA-2025-9526

Oracle has released an important security update (ELSA-2025-9526) addressing a privilege escalation vulnerability in the Pluggable Authentication Modules (PAM) package for Oracle Linux 9.

This patch resolves CVE-2025-6020, a critical flaw that could allow attackers to gain elevated privileges on affected systems.

What’s Fixed in This Update?

The latest PAM update (v1.5.1-25.0.1) includes critical security enhancements:

✅ CVE-2025-6020 Mitigation – Fixes a privilege escalation vulnerability in pam_namespace.

✅ Memory Safety Fix – Resolves a use-after-free issue in pam_sm_open_session.

✅ Stability Improvements – Patches additional bugs reported in RHEL-96729.

This update is essential for system administrators managing Oracle Linux 9 deployments, particularly in enterprise and cloud environments where privilege escalation risks are high.


Download Updated RPM Packages

Source RPMs

🔗 pam-1.5.1-25.0.1.el9_6.src.rpm

x86_64 Architecture

  • pam-1.5.1-25.0.1.el9_6.i686.rpm

  • pam-1.5.1-25.0.1.el9_6.x86_64.rpm

  • pam-devel-1.5.1-25.0.1.el9_6.i686.rpm

  • pam-devel-1.5.1-25.0.1.el9_6.x86_64.rpm

  • pam-docs-1.5.1-25.0.1.el9_6.x86_64.rpm

AArch64 Architecture

  • pam-1.5.1-25.0.1.el9_6.aarch64.rpm

  • pam-devel-1.5.1-25.0.1.el9_6.aarch64.rpm

  • pam-docs-1.5.1-25.0.1.el9_6.aarch64.rpm


Why Is This Update Critical?

Privilege escalation vulnerabilities like CVE-2025-6020 pose severe risks, allowing attackers to bypass security controls and gain root-level access. Given PAM’s role in authentication and session management, unpatched systems are vulnerable to exploitation.

Who Should Apply This Patch?

  • Enterprise IT Teams managing Oracle Linux servers

  • Cloud Infrastructure Providers using Oracle Linux 9

  • DevOps Engineers ensuring compliance with security best practices


Best Practices for Applying Security Updates

  1. Test in a staging environment before deploying to production.

  2. Schedule maintenance windows to minimize downtime.

  3. Monitor logs for unusual activity post-update.
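The steps above need one concrete check: which hosts still run a pam build older than the one in ELSA-2025-9526, and which already have it. The script below is an added example, not code from Oracle or from this post. It takes the version and release from the advisory (pam-1.5.1-25.0.1.el9_6), ports rpm's own rpmvercmp() comparison rather than relying on a generic version sort (which mis-orders release strings such as 25.el9_6 against 25.0.1.el9_6), parses `rpm -q pam` output, and flags each line as patched or not. The sample `rpm -q` lines at the bottom are constructed for the demonstration, not real inventory data.

```python
import re
import subprocess

# Fixed build named in ELSA-2025-9526: pam-1.5.1-25.0.1.el9_6
FIXED_VERSION = "1.5.1"
FIXED_RELEASE = "25.0.1.el9_6"
# Subpackages shipped by the advisory (the RPM list in the post)
ADVISORY_PACKAGES = {"pam", "pam-devel", "pam-docs"}


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): 1 if a is newer, -1 if older, 0 if equal.

    Digit runs compare numerically, letter runs as strings, a numeric segment
    always beats an alphabetic one, '~' sorts before even end-of-string
    (pre-releases) and '^' sorts after end-of-string but before anything else.
    """
    if a == b:
        return 0
    i, j, la, lb = 0, 0, len(a), len(b)
    while i < la or j < lb:
        # skip separators: anything that is not alphanumeric, '~' or '^'
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < la and a[i] == "~", j < lb and b[j] == "~"
        if ta or tb:
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        ca, cb = i < la and a[i] == "^", j < lb and b[j] == "^"
        if ca or cb:
            if i >= la:
                return -1
            if j >= lb:
                return 1
            if ca and cb:
                i, j = i + 1, j + 1
                continue
            return -1 if ca else 1
        if i >= la or j >= lb:
            break
        # take a run of digits or of letters from a, and the same kind from b
        isnum = a[i].isdigit()
        pattern = r"\d+" if isnum else r"[^\W\d_]+"
        sa = re.match(pattern, a[i:]).group(0)
        mb = re.match(pattern, b[j:])
        if mb is None:  # segments of different kinds: numeric is newer
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more digits (after zero-stripping) wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever string has segments left is newer


_NVRA = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+?)"
    r"(?:\.(?P<arch>noarch|src|x86_64|aarch64|i686))?$"
)


def parse_nvra(pkg: str) -> dict:
    """Split 'name-version-release[.arch]' as printed by `rpm -q`."""
    m = _NVRA.match(pkg.strip())
    if m is None:
        raise ValueError(f"not an RPM name-version-release string: {pkg!r}")
    return m.groupdict()


def is_patched(pkg: str) -> bool:
    """True if a pam package string is at or above the advisory's build.

    Epoch is ignored because `rpm -q` does not print it by default.
    """
    p = parse_nvra(pkg)
    if p["name"] not in ADVISORY_PACKAGES:
        raise ValueError(f"{p['name']} is not a package from ELSA-2025-9526")
    by_version = rpmvercmp(p["version"], FIXED_VERSION)
    if by_version != 0:
        return by_version > 0
    return rpmvercmp(p["release"], FIXED_RELEASE) >= 0


# Constructed sample of `rpm -q pam` output gathered from several hosts
SAMPLE_RPM_Q_OUTPUT = """\
pam-1.5.1-19.el9.x86_64
pam-1.5.1-25.0.1.el9_6.x86_64
pam-1.5.1-25.0.1.el9_6.aarch64
pam-1.5.1-25.el9_6.x86_64
"""


def triage(rpm_q_output: str) -> dict:
    """Map each `rpm -q pam` line to True (patched) or False (needs the update)."""
    return {line.strip(): is_patched(line)
            for line in rpm_q_output.splitlines() if line.strip()}


def installed_pam() -> str:
    """`rpm -q pam` from this host, or the constructed sample where rpm is absent."""
    try:
        return subprocess.run(["rpm", "-q", "pam"], capture_output=True,
                              text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_RPM_Q_OUTPUT


if __name__ == "__main__":
    for pkg, ok in triage(installed_pam()).items():
        print(f"{'PATCHED' if ok else 'UPDATE '}  {pkg}")
```

Run it on each Oracle Linux 9 host before the maintenance window to build the list of systems that need the advisory, apply the update with `dnf update --advisory=ELSA-2025-9526`, and run it again afterwards to confirm every host reports the fixed build; hosts that still show an older release are the ones to watch in the post-update log review.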


Frequently Asked Questions (FAQ)

Q: How does CVE-2025-6020 impact my system?

A: This vulnerability allows attackers to elevate privileges, potentially gaining root access if exploited.

Q: Is this update backward compatible?

A: Yes, the patch maintains compatibility with existing configurations.

Q: Where can I find official Oracle Linux security advisories?

A: Visit Oracle’s Security Advisory Page for the latest updates.
