pam_u2f-1.3.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:14650-1 Final 1 1 2025-01-15T00:00:00Z current 2025-01-15T00:00:00Z 2025-01-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z pam_u2f-1.3.1-1.1 on GA media These are all security issues fixed in the pam_u2f-1.3.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-14650 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-23013/ SUSE CVE CVE-2025-23013 page openSUSE Tumbleweed pam_u2f-1.3.1-1.1 pam_u2f-1.3.1-1.1 as a component of openSUSE Tumbleweed In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password. CVE-2025-23013 openSUSE Tumbleweed:pam_u2f-1.3.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-23013.html CVE-2025-23013 https://bugzilla.suse.com/1233517 SUSE Bug 1233517