sudo-1.8.29-8.el8.1
Errata ID: AXSA:2023-4844:01
The sudo packages contain the sudo utility which allows system administrators to
provide certain users with the permission to execute privileged commands, which
are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: arbitrary file write with privileges of the RunAs user
(CVE-2023-22809)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra
arguments passed in the user-provided environment variables (SUDO_EDITOR,
VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to
the list of files to process. This can lead to privilege escalation. Affected
versions are 1.8.0 through 1.9.12.p1. The problem exists because a
user-specified editor may contain a "--" argument that defeats a protection
mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
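A defensive check for the pattern described above, added here as an example; it is not part of this advisory or of the sudo project's code. It parses an environment block in the NUL-separated format of /proc/<pid>/environ and reports any of the three editor variables whose value carries a bare "--" argument. The function names, the shlex-based tokenisation and the sample data are assumptions made for illustration.

```python
import shlex

# Editor variables named in the CVE description.
EDITOR_VARS = ("SUDO_EDITOR", "VISUAL", "EDITOR")


def parse_environ(blob):
    """Parse NUL-separated KEY=VALUE bytes (the /proc/<pid>/environ format)."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def editor_findings(env):
    """Return (variable, value, args_after_separator) for each editor
    variable whose value contains a bare "--" argument."""
    findings = []
    for name in EDITOR_VARS:
        value = env.get(name)
        if not value:
            continue
        try:
            tokens = shlex.split(value)  # assumption: shell-like word splitting
        except ValueError:
            tokens = value.split()       # unbalanced quotes: plain whitespace split
        if "--" in tokens:
            findings.append((name, value, tokens[tokens.index("--") + 1:]))
    return findings


# Constructed sample environment blocks (not captured from a real system).
SAMPLES = {
    "benign": b"HOME=/home/alice\0EDITOR=vim\0",
    "long-options": b"VISUAL=emacs -nw\0EDITOR=nano --restricted\0",
    "advisory-pattern": b"EDITOR=vim -- /path/to/extra/file\0",
}


def scan_samples():
    return {label: editor_findings(parse_environ(blob))
            for label, blob in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in scan_samples().items():
        print(label, hits or "ok")
```

Ordinary long options such as --restricted are not flagged; only a standalone "--" token is.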
Update packages.
N/A
SRPMS
- sudo-1.8.29-8.el8.1.src.rpm
MD5: d5957d039fc5a81beb66f29dbfbf7cd0
SHA-256: dc98d19e7ffacfd198efa9e0a5cdd63be5904092f85a6ea5d52f7f3706f51c26
Size: 3.27 MB
Asianux Server 8 for x86_64
- sudo-1.8.29-8.el8.1.x86_64.rpm
MD5: 20ca84b6fa325c9375703e31df81949c
SHA-256: 31573715f2b302295357bec40f9610cc1f613590d73ec7afbfc49f3b51c1ec05
Size: 924.39 kB