Summary: | vulnerability (CVE-2023-22809) | ||
---|---|---|---|
Product: | Sisyphus | Reporter: | Алексей <ya.kak.tak.ff> |
Component: | sudo | Assignee: | Evgeny Sinelnikov <sin> |
Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
Severity: | blocker | ||
Priority: | P5 | CC: | amakeenk, sin |
Version: | unstable | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
URL: | https://www.opennet.ru/opennews/art.shtml?num=58507 |
Description
Алексей
2023-01-19 11:22:51 MSK
First it needs to be updated in Sisyphus. Sorry, I won't bother you any more.

sudo-1:1.9.12p2-alt1 -> sisyphus:

Sun Jan 22 2023 Evgeny Sinelnikov <sin@altlinux> 1:1.9.12p2-alt1
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
  + If a user's sudoers entry did not have any RunAs users set, running "sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files.