Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2904-1

Опубликовано: 24 нояб. 2016
Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following security issues:

  • Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality:
    • noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]
    • noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]
  • Fix unsafe handling of TZ environment variable. [CVE-2014-9680, bsc#917806]

Additionally, these non-security fixes are included in the update:

  • Fix 'ignoring time stamp from the future' message after each boot with !tty_tickets. [bsc#899252]
  • Enable support for SASL-based authentication. [bsc#979531]

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server 12 SP1
sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Software Development Kit 12 SP1
sudo-devel-1.8.10p3-2.6.1

Ссылки

Описание

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Software Development Kit 12 SP1:sudo-devel-1.8.10p3-2.6.1
Ссылки

Описание

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Software Development Kit 12 SP1:sudo-devel-1.8.10p3-2.6.1
Ссылки

Описание

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:sudo-1.8.10p3-2.6.1
SUSE Linux Enterprise Software Development Kit 12 SP1:sudo-devel-1.8.10p3-2.6.1
Ссылки