sudo-1.8.23-10.el7.3
Errata ID: AXSA:2023-4846:02
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: arbitrary file write with privileges of the RunAs user (CVE-2023-22809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
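A defensive check for the condition described above, as an added example that is not part of this advisory or of sudo: it flags values of SUDO_EDITOR, VISUAL and EDITOR that carry a standalone "--" argument. The function names are hypothetical, the sample values in the test are constructed, and splitting is on plain whitespace only (an assumption; quoting is not interpreted).

```shell
#!/bin/sh
# Added example: flag editor variables that carry a standalone "--" argument,
# the pattern CVE-2023-22809 relies on. Function names are hypothetical.

# Return 0 if the value, split on whitespace, contains a token that is exactly "--".
# Assumption: plain whitespace splitting; quotes and backslashes are not interpreted.
editor_has_ddash() {
    (
        set -f                          # no glob expansion while splitting
        for tok in $1; do
            [ "$tok" = "--" ] && exit 0
        done
        exit 1
    )
}

# Print the names of the affected variables whose value carries "--".
# Arguments are NAME=VALUE pairs, so a captured environment can be checked
# as well as the live one. Other variable names are ignored.
check_editor_env() {
    found=""
    for pair in "$@"; do
        name=${pair%%=*}
        value=${pair#*=}
        case "$name" in
            SUDO_EDITOR|VISUAL|EDITOR)
                if editor_has_ddash "$value"; then
                    found="${found:+$found }$name"
                fi
                ;;
        esac
    done
    printf '%s\n' "$found"
}

# Check the calling user's current environment (prints an empty line if clean).
check_editor_env "SUDO_EDITOR=${SUDO_EDITOR-}" "VISUAL=${VISUAL-}" "EDITOR=${EDITOR-}"
```

An option such as `--noplugin` is not flagged; only a token that is exactly `--` is.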
Update packages.
N/A
SRPMS
- sudo-1.8.23-10.el7.3.src.rpm
MD5: 42d22fe08e59d8530508333c498408b0
SHA-256: 080315523398bd2caf6eac743500c321e116be9a36f17702b78606c8abd7aa48
Size: 3.08 MB
Asianux Server 7 for x86_64
- sudo-1.8.23-10.el7.3.x86_64.rpm
MD5: 6007c2068d1b555ff6953799e6447d29
SHA-256: 92a791c63fb6f5e4f9832ac5a62aa67aec436fbcb5cb1c78376bc86686c8699e
Size: 842.90 kB