SUSE-SU-2025:0200-1

Опубликовано: 21 янв. 2025

Источник: suse-cvrf

Описание

Security update for pam_u2f

This update for pam_u2f fixes the following issues:

CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate() (bsc#1233517)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Micro 5.3

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Micro 5.4

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Micro 5.5

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Server 15 SP4-LTSS

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Server 15 SP5-LTSS

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

pam_u2f-1.2.0-150400.4.5.1

SUSE Manager Proxy 4.3

pam_u2f-1.2.0-150400.4.5.1

SUSE Manager Server 4.3

pam_u2f-1.2.0-150400.4.5.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250200-1/
Link for SUSE-SU-2025:0200-1
https://lists.suse.com/pipermail/sle-security-updates/2025-January/020186.html
E-Mail link for SUSE-SU-2025:0200-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1233517
SUSE Bug 1233517
https://bugzilla.suse.com/1235961
SUSE Bug 1235961
https://www.suse.com/security/cve/CVE-2025-23013/
SUSE CVE CVE-2025-23013 page

Описание

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pam_u2f-1.2.0-150400.4.5.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pam_u2f-1.2.0-150400.4.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-23013.html
CVE-2025-23013
https://bugzilla.suse.com/1233517
SUSE Bug 1233517

SUSE-SU-2025:0200-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server 15 SP5-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Linux Enterprise Server for SAP Applications 15 SP5

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

Ссылки

Уязвимость: CVE-2025-23013

Описание

Затронутые продукты

Ссылки