diff -Nru pam-1.4.0/debian/changelog pam-1.4.0/debian/changelog
--- pam-1.4.0/debian/changelog 2023-02-02 09:21:46.000000000 +0000
+++ pam-1.4.0/debian/changelog 2024-01-10 13:54:07.000000000 +0000
@@ -1,3 +1,12 @@
+pam (1.4.0-11ubuntu2.4) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: pam_namespace local denial of service
+ - debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
+ prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
+ - CVE-2024-22365
+
+ -- Marc Deslauriers Wed, 10 Jan 2024 08:54:07 -0500
+
 pam (1.4.0-11ubuntu2.3) jammy-security; urgency=medium

 * SECURITY REGRESSION: fix CVE-2022-28321 patch location
diff -Nru pam-1.4.0/debian/patches-applied/CVE-2024-22365.patch pam-1.4.0/debian/patches-applied/CVE-2024-22365.patch
--- pam-1.4.0/debian/patches-applied/CVE-2024-22365.patch 1970-01-01 00:00:00.000000000 +0000
+++ pam-1.4.0/debian/patches-applied/CVE-2024-22365.patch 2024-01-10 13:53:56.000000000 +0000
@@ -0,0 +1,53 @@
+From 1df49a664720419e122dac128bf0ef1525133f4c Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner
+Date: Wed, 27 Dec 2023 14:01:59 +0100
+Subject: [PATCH] pam_namespace: protect_dir(): use O_DIRECTORY to prevent
+ local DoS situations
+
+Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs
+being placed in user controlled directories, causing the PAM module to
+block indefinitely during `openat()`.
+
+Pass O_DIRECTORY to cause the `openat()` to fail if the path does not
+refer to a directory.
+
+With this the check whether the final path element is a directory
+becomes unnecessary, drop it.
+---
+ modules/pam_namespace/pam_namespace.c | 18 +-----------------
+ 1 file changed, 1 insertion(+), 17 deletions(-)
+
+--- a/modules/pam_namespace/pam_namespace.c
++++ b/modules/pam_namespace/pam_namespace.c
+@@ -1097,7 +1097,7 @@ static int protect_dir(const char *path,
+ int dfd = AT_FDCWD;
+ int dfd_next;
+ int save_errno;
+- int flags = O_RDONLY;
++ int flags = O_RDONLY | O_DIRECTORY;
+ int rv = -1;
+ struct stat st;
+
+@@ -1151,22 +1151,6 @@ static int protect_dir(const char *path,
+ rv = openat(dfd, dir, flags);
+ }
+
+- if (rv != -1) {
+- if (fstat(rv, &st) != 0) {
+- save_errno = errno;
+- close(rv);
+- rv = -1;
+- errno = save_errno;
+- goto error;
+- }
+- if (!S_ISDIR(st.st_mode)) {
+- close(rv);
+- errno = ENOTDIR;
+- rv = -1;
+- goto error;
+- }
+- }
+-
+ if (flags & O_NOFOLLOW) {
+ /* we are inside user-owned dir - protect */
+ if (protect_mount(rv, p, idata) == -1) {
diff -Nru pam-1.4.0/debian/patches-applied/series pam-1.4.0/debian/patches-applied/series
--- pam-1.4.0/debian/patches-applied/series 2023-02-02 09:21:46.000000000 +0000
+++ pam-1.4.0/debian/patches-applied/series 2024-01-10 13:53:53.000000000 +0000
@@ -34,3 +34,4 @@
 pam_env-allow-environment-files-without-EOL-at-EOF.patch
 CVE-2022-28321.patch
+CVE-2024-22365.patch
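Review bot: In the second hunk of CVE-2024-22365.patch (protect_dir, around line 1151), once the `if (rv != -1)` block is removed nothing between the retry `rv = openat(dfd, dir, flags);` and `protect_mount(rv, p, idata)` checks the descriptor, so a failed retry hands -1 to protect_mount whenever O_NOFOLLOW is set. The removed block did not bail out on rv == -1 either, so this looks pre-existing rather than introduced here, but with O_DIRECTORY every non-directory final element (FIFO, regular file, device) now fails at openat() instead of at the S_ISDIR test, so the failure path deserves an explicit guard such as `if (rv != -1 && (flags & O_NOFOLLOW)) {`. What protect_mount does with an invalid descriptor is not visible in this hunk; protect_dir starts and ends outside it. A short comment next to the flags initialiser, e.g. `/* O_DIRECTORY: fail instead of blocking on FIFOs in user-controlled dirs */`, would keep the reason for the flag from being dropped in a later refactor.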