sudo-1.8.6p3-29.AXS4.3
エラータID: AXSA:2020-4491:02
リリース日:
2020/03/06 Friday - 16:48
題名:
sudo-1.8.6p3-29.AXS4.3
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- sudo には /etc/sudoers で pwfeedback が有効になっている場合、ユーザが特権 sudo プロセスで
スタックベースのバッファオーバーフローを引き起こす脆弱性があります。(CVE-2019-18634)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
追加情報:
N/A
ダウンロード:
SRPMS
- sudo-1.8.6p3-29.AXS4.3.src.rpm
MD5: b513c76597d858cec7c7f158fb2d2d22
SHA-256: fa4e20f325a6535715c99d180c208f560a87570ac8d23c0c5ef9becfbe0e4780
Size: 1.87 MB
Asianux Server 4 for x86
- sudo-1.8.6p3-29.AXS4.3.i686.rpm
MD5: 418e5ac6415250db8ae4927045f6417b
SHA-256: 3a51a3763ffe4e15972d0d044b57caf7df7e27b38bd3077ee68d29da2e838e14
Size: 704.39 kB
Asianux Server 4 for x86_64
- sudo-1.8.6p3-29.AXS4.3.x86_64.rpm
MD5: bedbd021556a03984ee5da5a2ab9f91e
SHA-256: 9cc33db5b72f560a0e0d28b61dc9ff078bc0e8351ee22ad680303d1b3c4c8a7d
Size: 711.54 kB