Download
| Alert*
oval:org.secpod.oval:def:89044767
This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. Also the following non security bug was fixed: - Link ... oval:org.secpod.oval:def:55017 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:89045014 This update for sudo fixes the following issues: - A regression in the fix for the CVE-2017-1000368 that broke sudo with the requiretty flag oval:org.secpod.oval:def:204524 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ... oval:org.secpod.oval:def:204526 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ... oval:org.secpod.oval:def:1501903 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501902 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501906 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1901858 Todd Miller"s sudo version 1.8.20p1 and earlier is vulnerable to an input validation in the get_process_ttyname function resulting in information disclosure and command execution. oval:org.secpod.oval:def:502054 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ... oval:org.secpod.oval:def:1600731 It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root oval:org.secpod.oval:def:54576 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:1700229 When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.This can be used by a user with sufficient sudo privileges to run commands as root even if the ... |