Описание
Security update for sudo
This update for sudo fixes the following issues:
- A regression in the fix for the CVE-2017-1000368 that broke sudo with the 'requiretty' flag (bsc#1045986)
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
sudo-1.8.10p3-2.19.1
SUSE Linux Enterprise Server 12-LTSS
sudo-1.8.10p3-2.19.1
SUSE Linux Enterprise Server for SAP Applications 12
sudo-1.8.10p3-2.19.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
sudo-1.8.10p3-2.19.1
SUSE OpenStack Cloud 6
sudo-1.8.10p3-2.19.1
Ссылки
- Link for SUSE-SU-2017:1778-1
- E-Mail link for SUSE-SU-2017:1778-1
- SUSE Security Ratings
- SUSE Bug 1045986
- SUSE CVE CVE-2017-1000368 page
Описание
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:sudo-1.8.10p3-2.19.1
SUSE Linux Enterprise Server 12-LTSS:sudo-1.8.10p3-2.19.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:sudo-1.8.10p3-2.19.1
SUSE Linux Enterprise Server for SAP Applications 12:sudo-1.8.10p3-2.19.1
Ссылки
- CVE-2017-1000368
- SUSE Bug 1039361
- SUSE Bug 1042146
- SUSE Bug 1045986