SUSE-SU-2022:3886-1

Опубликовано: 07 нояб. 2022

Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following issues:

CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

sudo-1.8.10p3-10.38.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223886-1/
Link for SUSE-SU-2022:3886-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012820.html
E-Mail link for SUSE-SU-2022:3886-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1204986
SUSE Bug 1204986
https://www.suse.com/security/cve/CVE-2022-43995/
SUSE CVE CVE-2022-43995 page

Описание

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.38.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-43995.html
CVE-2022-43995
https://bugzilla.suse.com/1204986
SUSE Bug 1204986
https://bugzilla.suse.com/1205838
SUSE Bug 1205838
https://bugzilla.suse.com/1205969
SUSE Bug 1205969
https://bugzilla.suse.com/1206905
SUSE Bug 1206905

SUSE-SU-2022:3886-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

Ссылки

Уязвимость: CVE-2022-43995

Описание

Затронутые продукты

Ссылки