ELSA-2013-1701

Published: 25 Nov 2013
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2013-1701: sudo security, bug fix and enhancement update (LOW)

[1.8.6p3-12]

  • added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 Resolves: rhbz#1015355

[1.8.6p3-11]

  • sssd: fixed a bug in ipa_hostname processing Resolves: rhbz#853542

[1.8.6p3-10]

  • sssd: fixed buffer size for the ipa_hostname value Resolves: rhbz#853542

[1.8.6p3-9]

  • sssd: match against ipa_hostname from sssd.conf too when checking sudoHost Resolves: rhbz#853542

[1.8.6p3-8]

  • updated man-page
  • fixed handling of RLIMIT_NPROC resource limit
  • fixed alias cycle detection code
  • added debug messages for tracing of netgroup matching
  • fixed aborting on realloc when displaying allowed commands
  • show the SUDO_USER in logs, if running commands as root
  • sssd: filter netgroups in the sudoUser attribute

  Resolves: rhbz#856901
  Resolves: rhbz#947276
  Resolves: rhbz#886648
  Resolves: rhbz#994563
  Resolves: rhbz#848111
  Resolves: rhbz#994626
  Resolves: rhbz#973228
  Resolves: rhbz#880150

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • sudo 1.8.6p3-12.el6
  • sudo-devel 1.8.6p3-12.el6

Oracle Linux i686

  • sudo 1.8.6p3-12.el6
  • sudo-devel 1.8.6p3-12.el6

Related vulnerabilities

oracle-oval
almost 12 years ago

ELSA-2013-1353: sudo security and bug fix update (LOW)

ubuntu
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

redhat
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

nvd
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

debian
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ...