sudo-1.8.6p3-25.AXS4

エラータID: AXSA:2016-1156:02

Release date: 
Tuesday, December 6, 2016 - 19:02
Subject: 
sudo-1.8.6p3-25.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

Security issues fixed with this release:

CVE-2016-7032
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7076
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-7032
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
CVE-2016-7076
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
Additional Info: 

N/A

Download: 

SRPMS
  1. sudo-1.8.6p3-25.AXS4.src.rpm
    MD5: 4c011bb1973483826e14fb50baf4a794
    SHA-256: 86c5bcb396766e6be01c749fec09d2ecd73b6a862992a01d32198c790598aa52
    Size: 1.86 MB

Asianux Server 4 for x86
  1. sudo-1.8.6p3-25.AXS4.i686.rpm
    MD5: f8282677edbe6e836d0efeb40777ce6d
    SHA-256: 958eb0bb65146396887c8d78ca350aeb76438e02499c198c00c9c46b093b1545
    Size: 702.14 kB

Asianux Server 4 for x86_64
  1. sudo-1.8.6p3-25.AXS4.x86_64.rpm
    MD5: 41c675a8d1a6a54b2288b7dae1304354
    SHA-256: c667a765c5379f7dcbd3b07cf6a0e1740ceac66363331633b05cac2ef2053527
    Size: 708.89 kB