sudo-1.8.6p7-22.el7
エラータID: AXSA:2017-1690:01
Release date:
Thursday, June 1, 2017 - 11:41
Subject:
sudo-1.8.6p7-22.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
Security issues fixed with this release:
CVE-2017-1000367
Solution:
Update packages.
CVEs:
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Additional Info:
N/A
Download:
SRPMS
- sudo-1.8.6p7-22.el7.src.rpm
MD5: 73234b5d2586cb4a8d9b0f094efa06ef
SHA-256: 2c61354b903d31d5a591372bad7aa2037c877e8d4fd279f6b4a264cc4bf38940
Size: 1.96 MB
Asianux Server 7 for x86_64
- sudo-1.8.6p7-22.el7.x86_64.rpm
MD5: f51c46ccb84df48c23f3c05391c1f1b0
SHA-256: 4cd35fdb7f1c735f792a328ec198e350c260e114e83c4dc12e7ab5694aeb7431
Size: 733.97 kB