openSUSE-SU-2017:1455-1

Опубликовано: 31 мая 2017

Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following issues:

CVE-2017-1000367:

Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361]
Fix FQDN for hostname. [bsc#1024145]
Filter netgroups, they aren't handled by SSSD. [bsc#1015351]
Fix problems related to 'krb5_ccname' option [bsc#981124]

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

sudo-1.8.10p3-9.3.1

sudo-devel-1.8.10p3-9.3.1

sudo-test-1.8.10p3-9.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html
E-Mail link for openSUSE-SU-2017:1455-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Затронутые продукты

openSUSE Leap 42.2:sudo-1.8.10p3-9.3.1

openSUSE Leap 42.2:sudo-devel-1.8.10p3-9.3.1

openSUSE Leap 42.2:sudo-test-1.8.10p3-9.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000367.html
CVE-2017-1000367
https://bugzilla.suse.com/1007501
SUSE Bug 1007501
https://bugzilla.suse.com/1039361
SUSE Bug 1039361
https://bugzilla.suse.com/1042146
SUSE Bug 1042146
https://bugzilla.suse.com/1077345
SUSE Bug 1077345

openSUSE-SU-2017:1455-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-1000367

Описание

Затронутые продукты

Ссылки