
SUSE: 2024:0939-1 Moderate Security Update for Shadow Manipulation Fix

March 22, 2024
Release note for shadow addressing vulnerabilities in SUSE and openSUSE distributions, fixing exploitation risks and addressing inconsistencies.

Summary

This update for shadow fixes the following issues:

* CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following non-security bugs were fixed:

* bsc#1176006: Fix chage date miscalculation

* bsc#1188307: Fix passwd segfault

* bsc#1203823: Remove pam_keyinit from PAM config files

* bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions

* bsc#1206627: Add --prefix support to passwd, chpasswd and chage

* bsc#1205502: useradd audit event user id field cannot be interpreted

Patch Instructions

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.4

References

* bsc#1144060

* bsc#1176006

* bsc#1188307

* bsc#1203823

* bsc#1205502

* bsc#1206627

* bsc#1210507

* bsc#1213189

Cross-References:

* CVE-2023-29383

CVSS scores:

* CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap Micro 5.4

* SUSE Linux Enterprise Micro 5.4

* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has seven security fixes can now be installed.


* https://www.suse.com/security/cve/CVE-2023-29383.html

* https://bugzilla.suse.com/show_bug.cgi?id=1144060

* https://bugzilla.suse.com/show_bug.cgi?id=1176006

* https://bugzilla.suse.com/show_bug.cgi?id=1188307

Announcement ID: SUSE-SU-2024:0939-1
Rating: moderate
