Description
ELSA-2019-3694: sudo security update (IMPORTANT)
[1.8.25p1-8]
- RHEL-8.1.0
- fixed CVE-2019-14287 Resolves: rhbz#1760696
Updated packages
Oracle Linux 8
Oracle Linux aarch64
sudo
1.8.25p1-8.el8_1
Oracle Linux x86_64
sudo
1.8.25p1-8.el8_1
Related CVEs
Related vulnerabilities
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.