Описание
Security update for shadow
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
Список пакетов
Container suse/ltss/sle15.3/bci-base:latest
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Container suse/sle-micro-rancher/5.2:latest
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Container suse/sle-micro/5.1/toolbox:latest
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Container suse/sle-micro/5.2/toolbox:latest
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Container suse/sle15:15.3
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-BYOS-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-BYOS-EC2-HVM
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-BYOS-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-CHOST-BYOS-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-CHOST-BYOS-EC2
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-CHOST-BYOS-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-HPC-BYOS-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-HPC-BYOS-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAP-BYOS-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAP-BYOS-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAPCAL-Azure
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAPCAL-EC2-HVM
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Image SLES15-SP3-SAPCAL-GCE
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Enterprise Storage 7.1
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Linux Enterprise Micro 5.1
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Linux Enterprise Micro 5.2
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Linux Enterprise Server 15 SP3-LTSS
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Manager Proxy 4.2
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
SUSE Manager Server 4.2
login_defs-4.8.1-150300.4.12.1
shadow-4.8.1-150300.4.12.1
Ссылки
- Link for SUSE-SU-2023:4027-1
- E-Mail link for SUSE-SU-2023:4027-1
- SUSE Security Ratings
- SUSE Bug 1214806
- SUSE CVE CVE-2023-4641 page
Описание
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
Затронутые продукты
Container suse/ltss/sle15.3/bci-base:latest:login_defs-4.8.1-150300.4.12.1
Container suse/ltss/sle15.3/bci-base:latest:shadow-4.8.1-150300.4.12.1
Container suse/sle-micro-rancher/5.2:latest:login_defs-4.8.1-150300.4.12.1
Container suse/sle-micro-rancher/5.2:latest:shadow-4.8.1-150300.4.12.1
Ссылки
- CVE-2023-4641
- SUSE Bug 1214806