Bug 37334 - CVE-2019-14287 in sudo < 1.8.28
Summary: CVE-2019-14287 in sudo < 1.8.28
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: sudo
Version: unstable
Hardware: all Linux
: P3 major
Assignee: Evgeny Sinelnikov
QA Contact: qa-sisyphus
URL: https://www.openwall.com/lists/oss-se...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-15 12:24 MSK by Michael Shigorin
Modified: 2019-10-16 21:35 MSK
Description Michael Shigorin 2019-10-15 12:24:45 MSK
In rare non-default configurations, unintended code execution
with euid==0 is possible.
Comment 1 Michael Shigorin 2019-10-16 17:57:21 MSK
Is it difficult, or did you forget?
Comment 2 Evgeny Sinelnikov 2019-10-16 19:08:57 MSK
Testing:
#239312 TESTED #1 [test-only] sisyphus sudo.git=1.8.28-alt1

Ready to submit.
Comment 3 Repository Robot 2019-10-16 21:35:34 MSK
sudo-1:1.8.28-alt1 -> sisyphus:

Tue Oct 15 2019 Evgeny Sinelnikov <sin@altlinux> 1:1.8.28-alt1
- Update to autumn security release (closes: 37334)
- Code execution with euid==0 in rare box configurations (fixes: CVE-2019-14287)
- Fix post script for sudowheel control in case of upgrade in not default state