44965 sudo 2023-01-19 11:22:51 +0300 уязвимость (CVE-2023-22809) 2023-01-22 20:48:55 +0300 1 1 4 Development Sisyphus sudo unstable x86_64 Linux CLOSED FIXED https://www.opennet.ru/opennews/art.shtml?num=58507 P5 blocker --- 1 ya.kak.tak.ff sin amakeenk sin qa-sisyphus oldest_to_newest 220325 0 ya.kak.tak.ff 2023-01-19 11:22:51 +0300 Уязвимость проявляется начиная с ветки 1.8.0 и устранена в корректирующем обновлении sudo 1.9.12p2 https://www.opennet.ru/opennews/art.shtml?num=58507 220326 1 amakeenk 2023-01-19 11:55:58 +0300 Для начала нужно обновить в сизифе. 220331 2 ya.kak.tak.ff 2023-01-19 13:17:56 +0300 Простите больше не мешаю 220453 3 repository-robot 2023-01-22 20:48:55 +0300 sudo-1:1.9.12p2-alt1 -> sisyphus: Sun Jan 22 2023 Evgeny Sinelnikov <sin@altlinux> 1:1.9.12p2-alt1 - Update to latest stable bugfix and security release (closes: 44965). - Fixed a compilation error on Linux/aarch64 (GitHub#197). - Fixed a potential crash introduced in the fix for (GitHub#134): + If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files.