You are here
Home > Preporuke > Ranjivost programskog paketa sudo

Ranjivost programskog paketa sudo

by ncert - 0

SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0475-1
Rating: important
References: #863025 #866503 #868444
Cross-References: CVE-2014-0106
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

This collective update for sudo provides fixes for the
following issues:

* Security policy bypass when env_reset is disabled.
(CVE-2014-0106, bnc#866503)
* Regression in the previous update that causes a
segmentation fault when running “sudo -s”. (bnc#868444)
* Command “who -m” prints no output when using
log_input/log_output sudo options. (bnc#863025)

Security Issues references:

* CVE-2014-0106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-sudo-9044

– SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-sudo-9044

– SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-sudo-9044

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

sudo-1.7.6p2-0.21.1

– SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

sudo-1.7.6p2-0.21.1

– SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

sudo-1.7.6p2-0.21.1

References:

http://support.novell.com/security/cve/CVE-2014-0106.html
https://bugzilla.novell.com/863025
https://bugzilla.novell.com/866503
https://bugzilla.novell.com/868444
http://download.suse.com/patch/finder/?keywords=7394054678cda176999ab258b218cb1d


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

ncert
Top
More in Preporuke
Ranjivosti programskog paketa lighttpd

Otkrivene su dvije ranjivosti programskog paketa lighttpd distribuiranog na SUSE LE. Uočeno je da posebno oblikovani nazivi računala mogu biti...

Close