SUSE-SU-2023:4025-1

Опубликовано: 10 окт. 2023

Источник: suse-cvrf

Описание

Security update for shadow

This update for shadow fixes the following issues:

CVE-2023-4641: Fixed potential password leak (bsc#1214806).

Список пакетов

Container caasp/v4/cilium-operator:1.6.6

shadow-4.6-150100.3.11.1

Container caasp/v4/cilium:1.6.6

shadow-4.6-150100.3.11.1

Container suse/sle15:15.1

shadow-4.6-150100.3.11.1

Container suse/sle15:15.2

shadow-4.6-150100.3.11.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

shadow-4.6-150100.3.11.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

shadow-4.6-150100.3.11.1

Image SLES15-SP2-BYOS-Azure

shadow-4.6-150100.3.11.1

Image SLES15-SP2-HPC-BYOS-Azure

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-Azure

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-BYOS-Azure

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-BYOS-GCE

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-EC2-HVM

shadow-4.6-150100.3.11.1

Image SLES15-SP2-SAP-GCE

shadow-4.6-150100.3.11.1

SUSE Enterprise Storage 7

shadow-4.6-150100.3.11.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

shadow-4.6-150100.3.11.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

shadow-4.6-150100.3.11.1

SUSE Linux Enterprise Server 15 SP1-LTSS

shadow-4.6-150100.3.11.1

SUSE Linux Enterprise Server 15 SP2-LTSS

shadow-4.6-150100.3.11.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

shadow-4.6-150100.3.11.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

shadow-4.6-150100.3.11.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234025-1/
Link for SUSE-SU-2023:4025-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016611.html
E-Mail link for SUSE-SU-2023:4025-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214806
SUSE Bug 1214806
https://www.suse.com/security/cve/CVE-2023-4641/
SUSE CVE CVE-2023-4641 page

Описание

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

Затронутые продукты

Container caasp/v4/cilium-operator:1.6.6:shadow-4.6-150100.3.11.1

Container caasp/v4/cilium:1.6.6:shadow-4.6-150100.3.11.1

Container suse/sle15:15.1:shadow-4.6-150100.3.11.1

Container suse/sle15:15.2:shadow-4.6-150100.3.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-4641.html
CVE-2023-4641
https://bugzilla.suse.com/1214806
SUSE Bug 1214806

SUSE-SU-2023:4025-1

Описание

Список пакетов

Container caasp/v4/cilium-operator:1.6.6

Container caasp/v4/cilium:1.6.6

Container suse/sle15:15.1

Container suse/sle15:15.2

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-BYOS-Azure

Image SLES15-SP2-HPC-BYOS-Azure

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

Ссылки

Уязвимость: CVE-2023-4641

Описание

Затронутые продукты

Ссылки