Description
Security update for sudo
This collective update for sudo provides fixes for the following issues:
* Security policy bypass when env_reset is disabled. (CVE-2014-0106, bnc#866503)
* Regression in the previous update that causes a segmentation fault when running 'sudo -s'. (bnc#868444)
* Command 'who -m' prints no output when using log_input/log_output sudo options. (bnc#863025)
Security Issues references:
* CVE-2014-0106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106>
Package list
SUSE Linux Enterprise Desktop 11 SP3
sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server 11 SP3
sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
sudo-1.7.6p2-0.21.1
References
- Link for SUSE-SU-2015:0985-1
- E-Mail link for SUSE-SU-2015:0985-1
- SUSE Security Ratings
- SUSE Bug 823292
- SUSE Bug 823796
- SUSE Bug 863025
- SUSE Bug 866503
- SUSE Bug 868444
- SUSE Bug 880764
- SUSE Bug 901145
- SUSE Bug 904694
- SUSE Bug 917806
- SUSE CVE CVE-2014-0106 page
- SUSE CVE CVE-2014-9680 page
Description
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
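One way to check whether a host has the precondition this CVE depends on (env_reset turned off in sudoers), as an added example that is not part of the advisory or of sudo. The function names and the sample sudoers content are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper for CVE-2014-0106 exposure (not SUSE or sudo code).

# Constructed sample sudoers content; not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
Defaults:alice !env_reset, env_delete+="LD_PRELOAD"
Defaults>root \
    !requiretty, \
    !env_reset
#Defaults !env_reset
Defaults!/usr/bin/backup !requiretty   # was: !env_reset
alice ALL=(ALL) ALL
EOF
}

# Print "LINE: entry" for every Defaults entry that turns env_reset off.
# Reads the files named as arguments, or stdin when there are none.
# Simplifications: #include/#includedir are not followed, and an entry is
# reported even if a later Defaults line switches env_reset back on.
find_env_reset_disabled() {
    awk '
    !cont { start = FNR; entry = "" }          # a new logical entry begins
    {
        line = $0
        cont = sub(/\\$/, "", line)            # trailing backslash: continued
        entry = entry line
        if (cont) next
        sub(/(^|[ \t])#.*/, "", entry)         # drop comments, keep "#uid"
        if (entry !~ /^[ \t]*Defaults([ \t:@>!]|$)/) next
        if (entry ~ /(^|[ \t,])![ \t]*env_reset([ \t,]|$)/)
            printf "%d: %s\n", start, entry
    }' "$@"
}

sample_sudoers | find_env_reset_disabled
```

On a real system, pass /etc/sudoers and the files under /etc/sudoers.d as arguments; any reported entry means the host should be on the fixed package listed in this advisory.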
Affected products
SUSE Linux Enterprise Desktop 11 SP3:sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server 11 SP3:sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:sudo-1.7.6p2-0.21.1
References
- CVE-2014-0106
- SUSE Bug 866503
Description
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server 11 SP3:sudo-1.7.6p2-0.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:sudo-1.7.6p2-0.21.1
References
- CVE-2014-9680
- SUSE Bug 917806
- SUSE Bug 919737
- SUSE Bug 921999
- SUSE Bug 953359