Описание
Security update for pam_u2f
This update for pam_u2f fixes the following issues:
- CVE-2025-23013: Fixed problematic PAM_IGNORE return values in
pam_sm_authenticate()(bsc#1233517)
Список пакетов
SUSE Enterprise Storage 7.1
pam_u2f-1.0.8-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pam_u2f-1.0.8-150000.3.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
pam_u2f-1.0.8-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
pam_u2f-1.0.8-150000.3.6.1
Ссылки
- Link for SUSE-SU-2025:0192-1
- E-Mail link for SUSE-SU-2025:0192-1
- SUSE Security Ratings
- SUSE Bug 1233517
- SUSE CVE CVE-2025-23013 page
Описание
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.
Затронутые продукты
SUSE Enterprise Storage 7.1:pam_u2f-1.0.8-150000.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pam_u2f-1.0.8-150000.3.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS:pam_u2f-1.0.8-150000.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3:pam_u2f-1.0.8-150000.3.6.1
Ссылки
- CVE-2025-23013
- SUSE Bug 1233517