{"affected":[{"ecosystem_specific":{"binaries":[{"pam_u2f":"1.3.2-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"pam_u2f","purl":"pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.2-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for pam_u2f fixes the following issues:\n\n- update to 1.3.2:\n  * Relax authfile permission check to a warning instead of an error to prevent\n    a breaking change locking existing users out of their systems. \n\n- update to 1.3.1:\n  * CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()`(bsc#1233517).\n  * Changed return value when nouserok is enabled and the user has no\n  credentials, PAM_IGNORE is used instead of PAM_SUCCESS.\n  * Hardened checks of authfile permissions.\n  * Hardened checks for nouserok.\n  * Improved debug messages.\n  * Improved documentation. \n\n","id":"SUSE-SU-2025:20132-1","modified":"2025-03-04T08:28:37Z","published":"2025-03-04T08:28:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520132-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-23013"}],"related":["CVE-2025-23013"],"summary":"Security update for pam_u2f","upstream":["CVE-2025-23013"]}