Описание
ELSA-2020-0487: sudo security update (IMPORTANT)
[1.8.25p1-8.1]
- RHEL 8.1.0.Z ERRATUM
- CVE-2019-18634 Resolves: rhbz#1798092
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
sudo
1.8.25p1-8.el8_1.1
Oracle Linux x86_64
sudo
1.8.25p1-8.el8_1.1
Связанные CVE
Связанные уязвимости
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users ...
