sudo-1.8.6p7-20.el7

エラータID: AXSA:2016-1113:02

Release date: 
Tuesday, November 29, 2016 - 08:50
Subject: 
sudo-1.8.6p7-20.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

Security issues fixed with this release:

CVE-2016-7091
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Additional Changes:

Solution: 

Update packages.

CVEs: 
CVE-2016-7091
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
Additional Info: 

N/A

Download: 

SRPMS
  1. sudo-1.8.6p7-20.el7.src.rpm
    MD5: eea67819b21f294c5f4e6fe8267e378c
    SHA-256: 22ebfc8cfca643227dadfa417baa741756b105062fdfcb817129b3a4a7f2f105
    Size: 1.96 MB

Asianux Server 7 for x86_64
  1. sudo-1.8.6p7-20.el7.x86_64.rpm
    MD5: b848cc0a559eb2b851b4d7241ac6b578
    SHA-256: 96e04dd83920b0421dd0f705b3469d47875f1c2fe93834426fef437f35729156
    Size: 734.04 kB