Bug 44965 (sudo)

Summary: vulnerability (CVE-2023-22809)
Product: Sisyphus Reporter: Алексей <ya.kak.tak.ff>
Component: sudo Assignee: Evgeny Sinelnikov <sin>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P5 CC: amakeenk, sin
Version: unstable   
Hardware: x86_64   
OS: Linux   
URL: https://www.opennet.ru/opennews/art.shtml?num=58507

Description Алексей 2023-01-19 11:22:51 MSK
The vulnerability is present starting with the 1.8.0 branch and was fixed in the corrective update sudo 1.9.12p2

https://www.opennet.ru/opennews/art.shtml?num=58507
Comment 1 Alexander Makeenkov 2023-01-19 11:55:58 MSK
First it needs to be updated in Sisyphus.
Comment 2 Алексей 2023-01-19 13:17:56 MSK
Sorry, I won't bother you anymore.
Comment 3 Repository Robot 2023-01-22 20:48:55 MSK
sudo-1:1.9.12p2-alt1 -> sisyphus:

 Sun Jan 22 2023 Evgeny Sinelnikov <sin@altlinux> 1:1.9.12p2-alt1
 - Update to latest stable bugfix and security release (closes: 44965).
 - Fixed a compilation error on Linux/aarch64 (GitHub#197).
 - Fixed a potential crash introduced in the fix for (GitHub#134):
  + If a user's sudoers entry did not have any RunAs user's set, running
    "sudo -U otheruser -l" would dereference a NULL pointer.
 - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
   a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
 - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
   sudoedit) that could allow a malicious user with sudoedit privileges to edit
   arbitrary files.