sudo-1.8.6p7-21.el7
エラータID: AXSA:2016-1155:03
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
Security issues fixed with this release:
CVE-2016-7032
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7076
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
N/A
SRPMS
- sudo-1.8.6p7-21.el7.src.rpm
MD5: 7bdbd0c8afe3f3b3c9bd75badbe26a52
SHA-256: 4d66474132174facb87fec28a632c64ed623ef53c2e2a85d7784f27e41139411
Size: 1.96 MB
Asianux Server 7 for x86_64
- sudo-1.8.6p7-21.el7.x86_64.rpm
MD5: bb114e6930a1171ad3cb546e87014234
SHA-256: a08b94e1582881c7a5a3fab8498968e667e8eb4cf955c51506307fc4e81c1ae3
Size: 733.82 kB
日本語