SUSE-SU-2024:1007-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20241007-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1007-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:1007-1
- Upstream
- Related
- Published
- 2024-03-27T09:51:45Z
- Modified
- 2025-05-02T04:34:52.515706Z
- Summary
- Security update for shadow
- Details
-
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
- CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806).
The following non-security bugs were fixed:
- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20241007-1/
- https://bugzilla.suse.com/1144060
- https://bugzilla.suse.com/1176006
- https://bugzilla.suse.com/1188307
- https://bugzilla.suse.com/1203823
- https://bugzilla.suse.com/1205502
- https://bugzilla.suse.com/1206627
- https://bugzilla.suse.com/1210507
- https://bugzilla.suse.com/1213189
- https://bugzilla.suse.com/1214806
- https://www.suse.com/security/cve/CVE-2023-29383
- https://www.suse.com/security/cve/CVE-2023-4641
Affected packages
SUSE:Linux Enterprise Micro 5.5 / shadow
Package
- Name
- shadow
- Purl
- pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.8.1-150500.3.3.1