Table of Contents
Errata: Policy loading
Date:: 2014-06-02
Affects:: Nummularia and Micrampelis
References:: http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879
Description:: When loading a module or processing an include directive, an {{{ENOENT}}} (file not found) error would incorrectly be propagated up the call stack and be interpreted as a missing policy, which is a soft error, rather than an invalid policy, which is a hard error. Depending on the circumstances, this could result in a fail-open scenario.
Workaround:: Verify the spelling of all policies. When updating third-party modules (which will result in a brief window during which the module is missing), shut down affected services.
Fix:: Apply r795.