exploitDog

SUSE-SU-2025:0292-1

Опубликовано: 29 янв. 2025

Источник: suse-cvrf

Описание

Security update for shadow

This update for shadow fixes the following issues:

Fixed not copying of skel files (bsc#1228770)

Список пакетов

SUSE Enterprise Storage 7.1

login_defs-4.8.1-150300.4.18.1

shadow-4.8.1-150300.4.18.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

login_defs-4.8.1-150300.4.18.1

shadow-4.8.1-150300.4.18.1

SUSE Linux Enterprise Server 15 SP3-LTSS

login_defs-4.8.1-150300.4.18.1

shadow-4.8.1-150300.4.18.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

login_defs-4.8.1-150300.4.18.1

shadow-4.8.1-150300.4.18.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250292-1/
Link for SUSE-SU-2025:0292-1
https://lists.suse.com/pipermail/sle-security-updates/2025-January/020240.html
E-Mail link for SUSE-SU-2025:0292-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1228770
SUSE Bug 1228770
https://www.suse.com/security/cve/CVE-2013-4235/
SUSE CVE CVE-2013-4235 page

Описание

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Затронутые продукты

SUSE Enterprise Storage 7.1:login_defs-4.8.1-150300.4.18.1

SUSE Enterprise Storage 7.1:shadow-4.8.1-150300.4.18.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:login_defs-4.8.1-150300.4.18.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shadow-4.8.1-150300.4.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2013-4235.html
CVE-2013-4235
https://bugzilla.suse.com/916845
SUSE Bug 916845