openSUSE-SU-2015:1849-1

Опубликовано: 23 окт. 2015

Источник: suse-cvrf

Описание

Security update for sudo

sudo was updated to fix one security issue.

This security issue was fixed:

CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806).

Список пакетов

openSUSE Leap 42.1

sudo-1.8.10p3-5.1

sudo-devel-1.8.10p3-5.1

sudo-test-1.8.10p3-5.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2015-10/msg00060.html
E-Mail link for openSUSE-SU-2015:1849-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

Затронутые продукты

openSUSE Leap 42.1:sudo-1.8.10p3-5.1

openSUSE Leap 42.1:sudo-devel-1.8.10p3-5.1

openSUSE Leap 42.1:sudo-test-1.8.10p3-5.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-9680.html
CVE-2014-9680
https://bugzilla.suse.com/917806
SUSE Bug 917806
https://bugzilla.suse.com/919737
SUSE Bug 919737
https://bugzilla.suse.com/921999
SUSE Bug 921999
https://bugzilla.suse.com/953359
SUSE Bug 953359

openSUSE-SU-2015:1849-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2014-9680

Описание

Затронутые продукты

Ссылки