Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0890-1

Опубликовано: 14 мар. 2024
Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following issues:

  • CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).

Список пакетов

Image SLES12-SP5-Azure-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-Basic-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-HPC-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-HPC-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-SAP-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-SAP-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-Standard-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-EC2-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-EC2-ECS-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-EC2-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-EC2-SAP-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-EC2-SAP-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-GCE-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-GCE-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-GCE-SAP-BYOS
sudo-1.8.27-4.48.2
Image SLES12-SP5-GCE-SAP-On-Demand
sudo-1.8.27-4.48.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
sudo-1.8.27-4.48.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
sudo-1.8.27-4.48.2
SUSE Linux Enterprise Server 12 SP5
sudo-1.8.27-4.48.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
sudo-1.8.27-4.48.2
SUSE Linux Enterprise Software Development Kit 12 SP5
sudo-devel-1.8.27-4.48.2

Ссылки

Описание

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-Basic-On-Demand:sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-HPC-BYOS:sudo-1.8.27-4.48.2
Image SLES12-SP5-Azure-HPC-On-Demand:sudo-1.8.27-4.48.2
Ссылки