openSUSE-SU-2017:1697-1

Опубликовано: 26 июн. 2017

Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following security issue:

CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146)

Also the following non security bug was fixed:

Link the 'system_group' plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

sudo-1.8.10p3-9.6.1

sudo-devel-1.8.10p3-9.6.1

sudo-test-1.8.10p3-9.6.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2017-06/msg00034.html
E-Mail link for openSUSE-SU-2017:1697-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Затронутые продукты

openSUSE Leap 42.2:sudo-1.8.10p3-9.6.1

openSUSE Leap 42.2:sudo-devel-1.8.10p3-9.6.1

openSUSE Leap 42.2:sudo-test-1.8.10p3-9.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000368.html
CVE-2017-1000368
https://bugzilla.suse.com/1039361
SUSE Bug 1039361
https://bugzilla.suse.com/1042146
SUSE Bug 1042146
https://bugzilla.suse.com/1045986
SUSE Bug 1045986

openSUSE-SU-2017:1697-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-1000368

Описание

Затронутые продукты

Ссылки