SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2968-1
Container Tags        : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.104 , suse/sle-micro/5.4/toolbox:latest
Container Release     : 4.2.104
Severity              : important
Type                  : security
References            : 1144060 1176006 1188307 1203823 1205502 1206627 1210507 1213189
                        1214806 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-29383
                        CVE-2023-4641 
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3591-1
Released:    Wed Sep 13 08:33:55 2023
Summary:     Security update for shadow
Type:        security
Severity:    low
References:  1214806,CVE-2023-4641
This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:939-1
Released:    Wed Mar 20 09:03:37 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following non-security bugs were fixed:

- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2657-1
Released:    Tue Jul 30 15:37:02 2024
Summary:     Security update for shadow
Type:        security
Severity:    important
References:  916845,CVE-2013-4235
This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2807-1
Released:    Wed Aug  7 09:49:17 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1228770,CVE-2013-4235
This update for shadow fixes the following issues:

- Fixed not copying of skel files (bsc#1228770)