SUSE-SU-2025:20132-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202520132-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20132-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:20132-1
Published
2025-03-04T08:28:37Z
Modified
2026-03-23T04:50:03.980394Z
Summary
Security update for pam_u2f
Details

This update for pam_u2f fixes the following issues:

  • update to 1.3.2:

    • Relax authfile permission check to a warning instead of an error to prevent a breaking change locking existing users out of their systems.
  • update to 1.3.1:

    • CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate() (bsc#1233517).
    • Changed the return value when nouserok is enabled and the user has no credentials: PAM_IGNORE is used instead of PAM_SUCCESS.
    • Hardened checks of authfile permissions.
    • Hardened checks for nouserok.
    • Improved debug messages.
    • Improved documentation.
Affected packages

SUSE:Linux Micro 6.0 / pam_u2f

Package

Name
pam_u2f
Purl
pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.2-1.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.3.2-1.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20132-1.json"