Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:4077-1

Опубликовано: 18 нояб. 2022
Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following issues:

  • CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986).

  • Fix wrong information output in the error message (bsc#1190818).

  • Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).

Список пакетов

Container ses/7.1/cephcsi/cephcsi:latest
sudo-1.9.5p2-150300.3.13.1
Container ses/7.1/rook/ceph:latest
sudo-1.9.5p2-150300.3.13.1
Container suse/sle-micro-rancher/5.2:latest
sudo-1.9.5p2-150300.3.13.1
Container suse/sle-micro/5.1/toolbox:latest
sudo-1.9.5p2-150300.3.13.1
Container suse/sle-micro/5.2/toolbox:latest
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-CHOST-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-CHOST-BYOS-EC2
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-CHOST-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-HPC-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-HPC-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAP-BYOS-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAP-BYOS-GCE
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAPCAL-Azure
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAPCAL-EC2-HVM
sudo-1.9.5p2-150300.3.13.1
Image SLES15-SP3-SAPCAL-GCE
sudo-1.9.5p2-150300.3.13.1
SUSE Linux Enterprise Micro 5.1
sudo-1.9.5p2-150300.3.13.1
SUSE Linux Enterprise Micro 5.2
sudo-1.9.5p2-150300.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
sudo-1.9.5p2-150300.3.13.1
sudo-devel-1.9.5p2-150300.3.13.1
sudo-plugin-python-1.9.5p2-150300.3.13.1
openSUSE Leap 15.3
sudo-1.9.5p2-150300.3.13.1
sudo-devel-1.9.5p2-150300.3.13.1
sudo-plugin-python-1.9.5p2-150300.3.13.1
sudo-test-1.9.5p2-150300.3.13.1
openSUSE Leap Micro 5.2
sudo-1.9.5p2-150300.3.13.1

Ссылки

Описание

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:sudo-1.9.5p2-150300.3.13.1
Container ses/7.1/rook/ceph:latest:sudo-1.9.5p2-150300.3.13.1
Container suse/sle-micro-rancher/5.2:latest:sudo-1.9.5p2-150300.3.13.1
Container suse/sle-micro/5.1/toolbox:latest:sudo-1.9.5p2-150300.3.13.1
Ссылки