{"affected":[{"ecosystem_specific":{"binaries":[{"login_defs":"4.8.1-150500.3.3.1","shadow":"4.8.1-150500.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"shadow","purl":"pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.1-150500.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for shadow fixes the following issues:\n\n- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). \n- CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806).\n\nThe following non-security bugs were fixed:\n\n- bsc#1176006: Fix chage date miscalculation\n- bsc#1188307: Fix passwd segfault\n- bsc#1203823: Remove pam_keyinit from PAM config files\n- bsc#1213189: Change lock mechanism to file locking to prevent\nlock files after power interruptions\n- bsc#1206627: Add --prefix support to passwd, chpasswd and chage\n- bsc#1205502: useradd audit event user id field cannot be interpretedd\n","id":"SUSE-SU-2024:1007-2","modified":"2024-03-27T09:51:45Z","published":"2024-03-27T09:51:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241007-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144060"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176006"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188307"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205502"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206627"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210507"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213189"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29383"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-4641"}],"related":["CVE-2023-29383","CVE-2023-4641"],"summary":"Security update for shadow","upstream":["CVE-2023-29383","CVE-2023-4641"]}