sudo-1.8.6p3-28.AXS4
エラータID: AXSA:2017-1687:02
Release date:
Wednesday, May 31, 2017 - 01:04
Subject:
sudo-1.8.6p3-28.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
Security issues fixed with this release:
CVE-2017-1000367
Solution:
Update packages.
CVEs:
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Additional Info:
N/A
Download:
SRPMS
- sudo-1.8.6p3-28.AXS4.src.rpm
MD5: bb88770d5d8410830a39b5031f1da22a
SHA-256: ff906259aa1ef426c414aa5cc6e689186d8effc179150531193c515a596462c1
Size: 1.87 MB
Asianux Server 4 for x86
- sudo-1.8.6p3-28.AXS4.i686.rpm
MD5: c1f66830e2c5bdd1c9ef7baf4de52048
SHA-256: 23dd45745314f0bf143828ee2d76619a1250420eb810231498b37497429fc728
Size: 702.95 kB
Asianux Server 4 for x86_64
- sudo-1.8.6p3-28.AXS4.x86_64.rpm
MD5: d4c2551f3fd68fdc2577468d311092f2
SHA-256: a1ed0a5cbaad25e86a1b0ef3d4270e67cbadd41a68eb27387a801f2b651ea93d
Size: 709.77 kB
日本語