Описание
Security update for sudo
This update for sudo fixes the following issues:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
sudo-1.8.27-150000.4.30.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-BYOS-Azure
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-HPC-BYOS-Azure
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-Azure
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-BYOS-Azure
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-BYOS-GCE
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-EC2-HVM
sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-SAP-GCE
sudo-1.8.27-150000.4.30.1
SUSE Enterprise Storage 6
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Enterprise Storage 7
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server 15 SP1-BCL
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server 15 SP1-LTSS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server 15 SP2-BCL
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server 15 SP2-LTSS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server 15-LTSS
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server for SAP Applications 15
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Manager Proxy 4.1
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Manager Retail Branch Server 4.1
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
SUSE Manager Server 4.1
sudo-1.8.27-150000.4.30.1
sudo-devel-1.8.27-150000.4.30.1
Ссылки
- Link for SUSE-SU-2022:3938-1
- E-Mail link for SUSE-SU-2022:3938-1
- SUSE Security Ratings
- SUSE Bug 1204986
- SUSE CVE CVE-2022-43995 page
Описание
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:sudo-1.8.27-150000.4.30.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-BYOS-Azure:sudo-1.8.27-150000.4.30.1
Image SLES15-SP2-HPC-BYOS-Azure:sudo-1.8.27-150000.4.30.1
Ссылки
- CVE-2022-43995
- SUSE Bug 1204986
- SUSE Bug 1205838
- SUSE Bug 1205969
- SUSE Bug 1206905