sudo-1.8.6p3-29.AXS4

エラータID: AXSA:2017-1709:03

Release date: 
Monday, June 26, 2017 - 18:48
Subject: 
sudo-1.8.6p3-29.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

Security issues fixed with this release:

CVE-2017-1000368
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an
input validation (embedded newlines) in the get_process_ttyname()
function resulting in information disclosure and command execution.

Solution: 

Update packages.

CVEs: 
CVE-2017-1000368
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Additional Info: 

N/A

Download: 

SRPMS
  1. sudo-1.8.6p3-29.AXS4.src.rpm
    MD5: 56eacaa8ba972ec56da1b289cf0fa346
    SHA-256: 47daed4329ac49c38191089d7510b86486dd5d8f5b825e136cdc6bfbeea6b96d
    Size: 1.87 MB

Asianux Server 4 for x86
  1. sudo-1.8.6p3-29.AXS4.i686.rpm
    MD5: f9105070ff0a1d30a5e69d72b8ed5420
    SHA-256: af303dd6bbbba3a91cf1eb88b5eab92afdf7cc9d977084c86dfda682352c2674
    Size: 703.21 kB

Asianux Server 4 for x86_64
  1. sudo-1.8.6p3-29.AXS4.x86_64.rpm
    MD5: da54395cc070d0482157342cf4080367
    SHA-256: 8cd8a7bf7bf5387d5d629548002247584679968b64a0446c0c5e584693433f5b
    Size: 710.03 kB