sudo-1.8.6p3-29.AXS4.3
エラータID: AXSA:2020-4491:02
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Update packages.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
N/A
SRPMS
- sudo-1.8.6p3-29.AXS4.3.src.rpm
MD5: b513c76597d858cec7c7f158fb2d2d22
SHA-256: fa4e20f325a6535715c99d180c208f560a87570ac8d23c0c5ef9becfbe0e4780
Size: 1.87 MB
Asianux Server 4 for x86
- sudo-1.8.6p3-29.AXS4.3.i686.rpm
MD5: 418e5ac6415250db8ae4927045f6417b
SHA-256: 3a51a3763ffe4e15972d0d044b57caf7df7e27b38bd3077ee68d29da2e838e14
Size: 704.39 kB
Asianux Server 4 for x86_64
- sudo-1.8.6p3-29.AXS4.3.x86_64.rpm
MD5: bedbd021556a03984ee5da5a2ab9f91e
SHA-256: 9cc33db5b72f560a0e0d28b61dc9ff078bc0e8351ee22ad680303d1b3c4c8a7d
Size: 711.54 kB
日本語