SUSE-SU-2023:4023-1

Опубликовано: 10 окт. 2023

Источник: suse-cvrf

Описание

Security update for shadow

This update for shadow fixes the following issues:

CVE-2023-4641: Fixed potential password leak (bsc#1214806).

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

shadow-4.2.1-36.6.1

Container suse/sles12sp5:latest

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-Basic-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-HPC-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-HPC-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-SAP-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-SAP-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-Standard-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-EC2-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-EC2-ECS-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-EC2-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-EC2-SAP-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-EC2-SAP-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-GCE-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-GCE-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-GCE-SAP-BYOS

shadow-4.2.1-36.6.1

Image SLES12-SP5-GCE-SAP-On-Demand

shadow-4.2.1-36.6.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

shadow-4.2.1-36.6.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

shadow-4.2.1-36.6.1

SUSE Linux Enterprise Server 12 SP5

shadow-4.2.1-36.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

shadow-4.2.1-36.6.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234023-1/
Link for SUSE-SU-2023:4023-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016613.html
E-Mail link for SUSE-SU-2023:4023-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214806
SUSE Bug 1214806
https://www.suse.com/security/cve/CVE-2023-4641/
SUSE CVE CVE-2023-4641 page

Описание

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:shadow-4.2.1-36.6.1

Container suse/sles12sp5:latest:shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-BYOS:shadow-4.2.1-36.6.1

Image SLES12-SP5-Azure-Basic-On-Demand:shadow-4.2.1-36.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-4641.html
CVE-2023-4641
https://bugzilla.suse.com/1214806
SUSE Bug 1214806

SUSE-SU-2023:4023-1

Описание

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp5:latest

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2023-4641

Описание

Затронутые продукты

Ссылки