On Sat, Jan 25, 2025 at 01:24:36AM +, Mark Esler wrote:
> On Wed, Jan 22, 2025 at 03:18:10PM +0100, Johannes Segitz wrote:
> > We're not empowered to do this. We are a CNA for code that we own (e.g.
> > zypper), but not for arbitrary open source projects.
>
> The t

On Wed, Jan 22, 2025 at 12:50:21PM +0100, Greg KH wrote:
> But this topic has come up recently in talking with other open source
> CNA groups. The "real" solution for it is to talk to a different root
> CNA (i.e. anyone other than MITRE). For open source projects, that
> _should_ be Red Hat, but

Hello list,
this is a report about a local root exploit in the PAM module `pam_oath.so`,
which is shipped as part of the oath-toolkit project [1].
You can also find a rendered HTML version of this report on our blog [5].
The vulnerability was discovered by Fabian Vogt of SUSE, and this report an