Bug 44965 (sudo) - уязвимость (CVE-2023-22809)
Summary: уязвимость (CVE-2023-22809)
Status: RESOLVED FIXED
Alias: sudo
Product: Sisyphus
Classification: Development
Component: sudo (show other bugs)
Version: unstable
Hardware: x86_64 Linux
: P5 blocker
Assignee: Evgeny Sinelnikov
QA Contact: qa-sisyphus
URL: https://www.opennet.ru/opennews/art.s...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-19 11:22 MSK by Алексей
Modified: 2023-01-22 20:48 MSK (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алексей 2023-01-19 11:22:51 MSK
Уязвимость проявляется начиная с ветки 1.8.0 и устранена в корректирующем обновлении sudo 1.9.12p2

https://www.opennet.ru/opennews/art.shtml?num=58507
Comment 1 Alexander Makeenkov 2023-01-19 11:55:58 MSK
Для начала нужно обновить в сизифе.
Comment 2 Алексей 2023-01-19 13:17:56 MSK
Простите больше не мешаю
Comment 3 Repository Robot 2023-01-22 20:48:55 MSK
sudo-1:1.9.12p2-alt1 -> sisyphus:

 Sun Jan 22 2023 Evgeny Sinelnikov <sin@altlinux> 1:1.9.12p2-alt1
 - Update to latest stable bugfix and security release (closes: 44965).
 - Fixed a compilation error on Linux/aarch64 (GitHub#197).
 - Fixed a potential crash introduced in the fix for (GitHub#134):
  + If a user's sudoers entry did not have any RunAs user's set, running
    "sudo -U otheruser -l" would dereference a NULL pointer.
 - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
   a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
 - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
   sudoedit) that could allow a malicious user with sudoedit privileges to edit
   arbitrary files.