Security update for shadow SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4025-1 Final 1 1 2023-10-10T11:50:10Z current 2023-10-10T11:50:10Z 2023-10-10T11:50:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for shadow This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/cilium-operator:1.6.6-2023-4025,Container caasp/v4/cilium:1.6.6-2023-4025,Container suse/sle15:15.1-2023-4025,Container suse/sle15:15.2-2023-4025,Image SLES15-SP1-SAP-Azure-LI-BYOS-Production-2023-4025,Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production-2023-4025,Image SLES15-SP2-BYOS-Azure-2023-4025,Image SLES15-SP2-HPC-BYOS-Azure-2023-4025,Image SLES15-SP2-SAP-Azure-2023-4025,Image SLES15-SP2-SAP-Azure-LI-BYOS-Production-2023-4025,Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production-2023-4025,Image SLES15-SP2-SAP-BYOS-Azure-2023-4025,Image SLES15-SP2-SAP-BYOS-EC2-HVM-2023-4025,Image SLES15-SP2-SAP-BYOS-GCE-2023-4025,Image SLES15-SP2-SAP-EC2-HVM-2023-4025,Image SLES15-SP2-SAP-GCE-2023-4025,SUSE-2023-4025,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4025,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4025,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4025,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4025,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4025,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4025,SUSE-Storage-7-2023-4025 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234025-1/ Link for SUSE-SU-2023:4025-1 https://lists.suse.com/pipermail/sle-security-updates/2023-October/016611.html E-Mail link for SUSE-SU-2023:4025-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214806 SUSE Bug 1214806 https://www.suse.com/security/cve/CVE-2023-4641/ SUSE CVE CVE-2023-4641 page Container caasp/v4/cilium-operator:1.6.6 Container caasp/v4/cilium:1.6.6 Container suse/sle15:15.1 Container suse/sle15:15.2 Image SLES15-SP1-SAP-Azure-LI-BYOS-Production Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-BYOS-Azure Image SLES15-SP2-HPC-BYOS-Azure Image SLES15-SP2-SAP-Azure Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-SAP-BYOS-Azure Image SLES15-SP2-SAP-BYOS-EC2-HVM Image SLES15-SP2-SAP-BYOS-GCE Image SLES15-SP2-SAP-EC2-HVM Image SLES15-SP2-SAP-GCE SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 shadow-4.6-150100.3.11.1 shadow-4.6-150100.3.11.1 as a component of Container caasp/v4/cilium-operator:1.6.6 shadow-4.6-150100.3.11.1 as a component of Container caasp/v4/cilium:1.6.6 shadow-4.6-150100.3.11.1 as a component of Container suse/sle15:15.1 shadow-4.6-150100.3.11.1 as a component of Container suse/sle15:15.2 shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP1-SAP-Azure-LI-BYOS-Production shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-BYOS-Azure shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-HPC-BYOS-Azure shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-Azure shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-BYOS-Azure shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-BYOS-EC2-HVM shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-BYOS-GCE shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-EC2-HVM shadow-4.6-150100.3.11.1 as a component of Image SLES15-SP2-SAP-GCE shadow-4.6-150100.3.11.1 as a component of SUSE Enterprise Storage 7 shadow-4.6-150100.3.11.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS shadow-4.6-150100.3.11.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS shadow-4.6-150100.3.11.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS shadow-4.6-150100.3.11.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS shadow-4.6-150100.3.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 shadow-4.6-150100.3.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. CVE-2023-4641 Container caasp/v4/cilium-operator:1.6.6:shadow-4.6-150100.3.11.1 Container caasp/v4/cilium:1.6.6:shadow-4.6-150100.3.11.1 Container suse/sle15:15.1:shadow-4.6-150100.3.11.1 Container suse/sle15:15.2:shadow-4.6-150100.3.11.1 Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:shadow-4.6-150100.3.11.1 Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:shadow-4.6-150100.3.11.1 Image SLES15-SP2-BYOS-Azure:shadow-4.6-150100.3.11.1 Image SLES15-SP2-HPC-BYOS-Azure:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-Azure:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-BYOS-Azure:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-BYOS-GCE:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-EC2-HVM:shadow-4.6-150100.3.11.1 Image SLES15-SP2-SAP-GCE:shadow-4.6-150100.3.11.1 SUSE Enterprise Storage 7:shadow-4.6-150100.3.11.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:shadow-4.6-150100.3.11.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shadow-4.6-150100.3.11.1 SUSE Linux Enterprise Server 15 SP1-LTSS:shadow-4.6-150100.3.11.1 SUSE Linux Enterprise Server 15 SP2-LTSS:shadow-4.6-150100.3.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:shadow-4.6-150100.3.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:shadow-4.6-150100.3.11.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234025-1/ https://www.suse.com/security/cve/CVE-2023-4641.html CVE-2023-4641 https://bugzilla.suse.com/1214806 SUSE Bug 1214806