ASA-202012-13 log generated external raw

[ASA-202012-13] pam: authentication bypass
Arch Linux Security Advisory ASA-202012-13 ========================================== Severity: High Date : 2020-12-09 CVE-ID : CVE-2020-27780 Package : pam Type : authentication bypass Remote : No Link : Summary ======= The package pam before version 1.5.0-2 is vulnerable to authentication bypass. Resolution ========== Upgrade to 1.5.0-2. # pacman -Syu "pam>=1.5.0-2" The problem has been fixed upstream but no release is available yet. Workaround ========== The issue can be mitigated by setting a non-empty password for the root user. Description =========== An authentication bypass issue was found in pam 1.5.0. Nonexistent users could authenticate if the root password was empty. Impact ====== In some unusual configurations, a remote user might be able to bypass authentication. References ==========