sudo-1.8.25p1-8.el8.1
エラータID: AXSA:2020-117:04
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Update packages.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
N/A
SRPMS
- sudo-1.8.25p1-8.el8.1.src.rpm
MD5: 92e2c29c6e3ea92f0f7b7ed4070c9652
SHA-256: c6eaf1a3ba12ba6b0a161262233030d131169df86c8d71a125622fc216f9c1a7
Size: 3.11 MB
Asianux Server 8 for x86_64
- sudo-1.8.25p1-8.el8.1.x86_64.rpm
MD5: d56625876aa977b68e15c6a25ddec9a3
SHA-256: fb7a9fa69a41f141eec7c73cef677769035bde2ea363b486039a2cdc74c9cdd8
Size: 874.05 kB
日本語