ELSA-2015-1409

Опубликовано: 28 июл. 2015

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2015-1409: sudo security, bug fix, and enhancement update (MODERATE)

[1.8.6p3-19]

RHEL-6.7 erratum
- modified the authlogicfix patch to fix #1144448
- fixed a bug in the ldapusermatchfix patch Resolves: rhbz#1144448 Resolves: rhbz#1142122

[1.8.6p3-18]

RHEL-6.7 erratum
- fixed the mantypos-ldap.patch Resolves: rhbz#1138267

[1.8.6p3-17]

RHEL-6.7 erratum
- added patch for CVE-2014-9680
- added BuildRequires for tzdata Resolves: rhbz#1200253

[1.8.6p3-16]

RHEL-6.7 erratum
- added zlib-devel build required to enable zlib compression support
- fixed two typos in the sudoers.ldap man page
- fixed a hang when duplicate nss entries are specified in nsswitch.conf
- SSSD: implemented sorting of the result entries according to the sudoOrder attribute
- LDAP: fixed logic handling the computation of the 'user matched' flag
- fixed restoring of the SIGPIPE signal in the tgetpass function
- fixed listpw, verifypw + authenticate option logic in LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267 Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves: rhbz#1142122 Resolves: rhbz#1094548 Resolves: rhbz#1144448

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

sudo

1.8.6p3-19.el6

sudo-devel

1.8.6p3-19.el6

Oracle Linux i686

sudo

1.8.6p3-19.el6

sudo-devel

1.8.6p3-19.el6

Связанные CVE

CVE-2014-9680

Ссылки на источники

Связанные уязвимости

CVE-2014-9680

CVSS3: 3.3

ubuntu

больше 8 лет назад

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.