SUSE-SU-2025:1334-1

Опубликовано: 17 апр. 2025

Источник: suse-cvrf

Описание

Security update for pam

This update for pam fixes the following issues:

CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)

Список пакетов

Container bci/bci-init:15.7

pam-1.3.0-150000.6.76.1

Container bci/bci-init:latest

pam-1.3.0-150000.6.76.1

Container bci/bci-sle15-kernel-module-devel:latest

pam-1.3.0-150000.6.76.1

Container bci/spack:0.23

pam-1.3.0-150000.6.76.1

Container bci/spack:latest

pam-1.3.0-150000.6.76.1

Container containers/milvus:2.4

pam-1.3.0-150000.6.76.1

Container containers/ollama:0

pam-1.3.0-150000.6.76.1

Container containers/open-webui:0

pam-1.3.0-150000.6.76.1

Container suse/389-ds:latest

pam-1.3.0-150000.6.76.1

Container suse/bind:9

pam-1.3.0-150000.6.76.1

Container suse/bind:latest

pam-1.3.0-150000.6.76.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

pam-1.3.0-150000.6.76.1

Container suse/ltss/sle15.3/bci-base:latest

pam-1.3.0-150000.6.76.1

Container suse/ltss/sle15.4/bci-base:latest

pam-1.3.0-150000.6.76.1

Container suse/ltss/sle15.5/sle15:latest

pam-1.3.0-150000.6.76.1

Container suse/manager/4.3/proxy-httpd:latest

pam-1.3.0-150000.6.76.1

Container suse/manager/4.3/proxy-salt-broker:latest

pam-1.3.0-150000.6.76.1

Container suse/manager/4.3/proxy-squid:latest

pam-1.3.0-150000.6.76.1

Container suse/manager/4.3/proxy-ssh:latest

pam-1.3.0-150000.6.76.1

Container suse/mariadb-client:latest

pam-1.3.0-150000.6.76.1

Container suse/mariadb:latest

pam-1.3.0-150000.6.76.1

Container suse/nginx:latest

pam-1.3.0-150000.6.76.1

Container suse/pcp:latest

pam-1.3.0-150000.6.76.1

Container suse/postgres:16

pam-1.3.0-150000.6.76.1

Container suse/postgres:latest

pam-1.3.0-150000.6.76.1

Container suse/registry:latest

pam-1.3.0-150000.6.76.1

Container suse/rmt-server:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro-rancher/5.2:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro-rancher/5.3:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro-rancher/5.4:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/5.1/toolbox:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/5.2/toolbox:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/5.3/toolbox:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/5.4/toolbox:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/5.5/toolbox:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/5.5:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/base-5.5:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/kvm-5.5:latest

pam-1.3.0-150000.6.76.1

Container suse/sle-micro/rt-5.5:latest

pam-1.3.0-150000.6.76.1

Container suse/sle15:15.6

pam-1.3.0-150000.6.76.1

Container suse/stunnel:latest

pam-1.3.0-150000.6.76.1

Container suse/valkey:8

pam-1.3.0-150000.6.76.1

Container suse/valkey:latest

pam-1.3.0-150000.6.76.1

SUSE Linux Enterprise Micro 5.1

pam-1.3.0-150000.6.76.1

SUSE Linux Enterprise Micro 5.2

pam-1.3.0-150000.6.76.1

SUSE Linux Enterprise Micro 5.3

pam-1.3.0-150000.6.76.1

SUSE Linux Enterprise Micro 5.4

pam-1.3.0-150000.6.76.1

SUSE Linux Enterprise Micro 5.5

pam-1.3.0-150000.6.76.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

pam-1.3.0-150000.6.76.1

pam-32bit-1.3.0-150000.6.76.1

pam-devel-1.3.0-150000.6.76.1

pam-doc-1.3.0-150000.6.76.1

pam-extra-1.3.0-150000.6.76.1

pam-extra-32bit-1.3.0-150000.6.76.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

pam-devel-32bit-1.3.0-150000.6.76.1

openSUSE Leap 15.6

pam-1.3.0-150000.6.76.1

pam-32bit-1.3.0-150000.6.76.1

pam-devel-1.3.0-150000.6.76.1

pam-devel-32bit-1.3.0-150000.6.76.1

pam-doc-1.3.0-150000.6.76.1

pam-extra-1.3.0-150000.6.76.1

pam-extra-32bit-1.3.0-150000.6.76.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20251334-1/
Link for SUSE-SU-2025:1334-1
https://lists.suse.com/pipermail/sle-updates/2025-April/039051.html
E-Mail link for SUSE-SU-2025:1334-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1232234
SUSE Bug 1232234
https://www.suse.com/security/cve/CVE-2024-10041/
SUSE CVE CVE-2024-10041 page

Описание

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Затронутые продукты

Container bci/bci-init:15.7:pam-1.3.0-150000.6.76.1

Container bci/bci-init:latest:pam-1.3.0-150000.6.76.1

Container bci/bci-sle15-kernel-module-devel:latest:pam-1.3.0-150000.6.76.1

Container bci/spack:0.23:pam-1.3.0-150000.6.76.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-10041.html
CVE-2024-10041
https://bugzilla.suse.com/1232234
SUSE Bug 1232234

SUSE-SU-2025:1334-1

Описание

Список пакетов

Container bci/bci-init:15.7

Container bci/bci-init:latest

Container bci/bci-sle15-kernel-module-devel:latest

Container bci/spack:0.23

Container bci/spack:latest

Container containers/milvus:2.4

Container containers/ollama:0

Container containers/open-webui:0

Container suse/389-ds:latest

Container suse/bind:9

Container suse/bind:latest

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

Container suse/ltss/sle15.3/bci-base:latest

Container suse/ltss/sle15.4/bci-base:latest

Container suse/ltss/sle15.5/sle15:latest

Container suse/manager/4.3/proxy-httpd:latest

Container suse/manager/4.3/proxy-salt-broker:latest

Container suse/manager/4.3/proxy-squid:latest

Container suse/manager/4.3/proxy-ssh:latest

Container suse/mariadb-client:latest

Container suse/mariadb:latest

Container suse/nginx:latest

Container suse/pcp:latest

Container suse/postgres:16

Container suse/postgres:latest

Container suse/registry:latest

Container suse/rmt-server:latest

Container suse/sle-micro-rancher/5.2:latest

Container suse/sle-micro-rancher/5.3:latest

Container suse/sle-micro-rancher/5.4:latest

Container suse/sle-micro/5.1/toolbox:latest

Container suse/sle-micro/5.2/toolbox:latest

Container suse/sle-micro/5.3/toolbox:latest

Container suse/sle-micro/5.4/toolbox:latest

Container suse/sle-micro/5.5/toolbox:latest

Container suse/sle-micro/5.5:latest

Container suse/sle-micro/base-5.5:latest

Container suse/sle-micro/kvm-5.5:latest

Container suse/sle-micro/rt-5.5:latest

Container suse/sle15:15.6

Container suse/stunnel:latest

Container suse/valkey:8

Container suse/valkey:latest

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Development Tools 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-10041

Описание

Затронутые продукты

Ссылки