Description
ELSA-2020-0540: sudo security update (IMPORTANT)
[1.8.23-4.0.2.2]
- Bump release to avoid conflict with previous Oracle Linux errata
[1.8.23-4.2]
- RHEL 7.7.z
- fixed CVE-2019-18634 Resolves: rhbz#1798094
[1.8.23-4.1]
- RHEL-7.7.z
- fixed CVE-2019-14287 Resolves: rhbz#1760694
Updated packages
Oracle Linux 7
Oracle Linux aarch64
sudo 1.8.23-4.0.2.el7_7.2
sudo-devel 1.8.23-4.0.2.el7_7.2
Oracle Linux x86_64
sudo 1.8.23-4.0.2.el7_7.2
sudo-devel 1.8.23-4.0.2.el7_7.2
Related CVEs
Related vulnerabilities
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
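A defender's check for the precondition named in the description above (pwfeedback set in sudoers), given as an added example that is not part of the advisory. The sample sudoers text and all function names are constructed for illustration; the sketch does not follow include directives and treats any `#` on a Defaults line as the start of a comment.

```python
import re

# Constructed sample sudoers text for illustration (not taken from the advisory).
SAMPLE_SUDOERS = (
    "# constructed sample\n"
    "Defaults env_reset, \\\n"
    "         pwfeedback\n"
    "Defaults:alice !pwfeedback\n"
    "#Defaults:bob pwfeedback\n"
    "root ALL=(ALL) ALL\n"
)

# "Defaults", optionally scoped (@host, :user, !command, >runas), then parameters.
DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[@:!>]\S+)?\s+(?P<params>.+)$")


def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comment lines."""
    joined = re.sub(r"\\\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        # Lines starting with '#' are skipped, including include directives.
        if line and not line.startswith("#"):
            yield line


def pwfeedback_settings(text):
    """Return [(scope, enabled)] for every pwfeedback flag, in file order."""
    found = []
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        params = m.group("params").split("#", 1)[0]  # cut trailing comment
        for param in params.split(","):
            flag = re.fullmatch(r"(!?)\s*pwfeedback", param.strip())
            if flag:
                scope = m.group("scope") or "global"
                found.append((scope, flag.group(1) != "!"))
    return found


def pwfeedback_enabled_anywhere(text):
    """True if the last setting for any scope leaves pwfeedback switched on."""
    last = {}
    for scope, enabled in pwfeedback_settings(text):
        last[scope] = enabled  # later entries override earlier ones
    return any(last.values())


if __name__ == "__main__":
    print(pwfeedback_settings(SAMPLE_SUDOERS))
```

On a real host the input would be the contents of /etc/sudoers plus any files it includes, read with sufficient privileges.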