Bug 37334

Summary: CVE-2019-14287 in sudo < 1.8.28
Product: Sisyphus Reporter: Michael Shigorin <mike>
Component: sudo Assignee: Evgeny Sinelnikov <sin>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: major    
Priority: P3 CC: evg, sin
Version: unstable   
Hardware: all   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2019/10/14/1

Description Michael Shigorin 2019-10-15 12:24:45 MSK
In rare non-out-of-the-box configurations, unintended code execution
with euid==0 is possible.
Comment 1 Michael Shigorin 2019-10-16 17:57:21 MSK
Is it difficult, or did you forget?
Comment 2 Evgeny Sinelnikov 2019-10-16 19:08:57 MSK
Testing:
#239312 TESTED #1 [test-only] sisyphus sudo.git=1.8.28-alt1

Ready to submit.
Comment 3 Repository Robot 2019-10-16 21:35:34 MSK
sudo-1:1.8.28-alt1 -> sisyphus:

Tue Oct 15 2019 Evgeny Sinelnikov <sin@altlinux> 1:1.8.28-alt1
- Update to autumn security release (closes: 37334)
- Code execution with euid==0 in rare box configurations (fixes: CVE-2019-14287)
- Fix post script for sudowheel control in case of upgrade in not default state