{"affected":[{"ecosystem_specific":{"binaries":[{"login_defs":"4.8.1-150400.3.6.1","shadow":"4.8.1-150400.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"shadow","purl":"pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.1-150400.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"login_defs":"4.8.1-150400.3.6.1","shadow":"4.8.1-150400.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap Micro 5.4","name":"shadow","purl":"pkg:rpm/opensuse/shadow&distro=openSUSE%20Leap%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.1-150400.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for shadow fixes the following issues:\n\n- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).\n\nThe following non-security bugs were fixed:\n\n- bsc#1176006: Fix chage date miscalculation\n- bsc#1188307: Fix passwd segfault\n- bsc#1203823: Remove pam_keyinit from PAM config files\n- bsc#1213189: Change lock mechanism to file locking to prevent\n  lock files after power interruptions\n- bsc#1206627: Add --prefix support to passwd, chpasswd and chage\n- bsc#1205502: useradd audit event user id field cannot be interpretedd \n","id":"SUSE-SU-2024:0939-1","modified":"2024-03-20T08:03:40Z","published":"2024-03-20T08:03:40Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240939-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144060"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176006"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188307"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205502"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206627"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210507"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29383"}],"related":["CVE-2023-29383"],"summary":"Security update for shadow","upstream":["CVE-2023-29383"]}