Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2024:1007-1 Moderate: Shadow Security Update and Fixes

suse
Calendar Grey March 27, 2024
Dist Suse Esm H88
Oracle's critical security patch resolves three flaws, featuring a possible data exposure issue and enhancements to application resilience.
* bsc#1144060 * bsc#1176006 * bsc#1188307 * bsc#1203823 * bsc#1205502

Summary

## This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). * CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806). The following non-security bugs were fixed: * bsc#1176006: Fix chage date miscalculation * bsc#1188307: Fix passwd segfault * bsc#1203823: Remove pam_keyinit from PAM config files * bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions * bsc#1206627: Add --prefix support to passwd, chpasswd and chage * bsc#1205502: useradd audit event user id field cannot be interpretedd ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory moderate security fix system stability password leak SUSE Linux Enterprise Micro shadow security

References

* bsc#1144060

* bsc#1176006

* bsc#1188307

* bsc#1203823

* bsc#1205502

* bsc#1206627

* bsc#1210507

* bsc#1213189

* bsc#1214806

Cross-

* CVE-2023-29383

* CVE-2023-4641

CVSS scores:

* CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2023-4641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities and has seven security fixes can now

be installed.

##

* https://www.suse.com/security/cve/CVE-2023-29383.html

* https://www.suse.com/security/cve/CVE-2023-4641.html

Announcement ID: SUSE-SU-2024:1007-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate security fix system stability password leak SUSE Linux Enterprise Micro shadow security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here