==========================================================================
Ubuntu Security Notice USN-3968-1
May 06, 2019
sudo vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Sudo.
Software Description:
- sudo: Provide limited super user privileges to specific users
Details:
Florian Weimer discovered that Sudo incorrectly handled the noexec
restriction when used with certain applications. A local attacker could
possibly use this issue to bypass configured restrictions and execute
arbitrary commands. (CVE-2016-7076)
It was discovered that Sudo did not properly parse the contents of
/proc/[pid]/stat when attempting to determine its controlling tty. A local
attacker in some configurations could possibly use this to overwrite any
file on the filesystem, bypassing intended permissions. (CVE-2017-1000368)
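The /proc/[pid]/stat parsing problem above can be illustrated with a short C
example (added here; it is not code from Sudo or from the original notice). It
contrasts a space-splitting reader of the tty_nr field (field 7 per proc(5))
with one anchored on the last ')' of the command-name field; the function names
and the sample stat lines are constructed for illustration.

```c
/* Added example (not Sudo's code): reading tty_nr, field 7 of /proc/[pid]/stat. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample contents, truncated after the fields used here. */
static const char PLAIN[]   = "4242 (bash) S 4000 4242 4242 34816 4242";
static const char SPACED[]  = "4243 (tmux: server) S 1 4243 4243 0 -1";
static const char PARENS[]  = "1301 ((sd-pam)) S 1300 1300 1300 0 -1";
/* comm may also hold a newline, so the whole file must be read, not one line. */
static const char NEWLINE[] = "4244 (line\nbreak) S 4000 4244 4244 34817 4244";

/* Fragile: assumes every field, comm included, contains no spaces. */
long tty_nr_split(const char *stat)
{
    int field = 1;
    for (const char *p = stat; *p != '\0'; p++) {
        if (*p == ' ' && ++field == 7)
            return strtol(p + 1, NULL, 10);
    }
    return -1; /* fewer than 7 space-separated fields */
}

/* Robust: comm is free-form text inside "(...)", so skip to the LAST ')'
 * and read state, ppid, pgrp, session, tty_nr from there. */
long tty_nr_anchored(const char *stat)
{
    const char *end = strrchr(stat, ')');
    char state;
    long ppid, pgrp, session, tty_nr;

    if (end == NULL)
        return -1; /* malformed: no comm field */
    if (sscanf(end + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1; /* malformed: fields after comm missing */
    return tty_nr;
}

int main(void)
{
    const char *samples[] = { PLAIN, SPACED, PARENS, NEWLINE };
    for (size_t i = 0; i < 4; i++)
        printf("split=%ld anchored=%ld\n",
               tty_nr_split(samples[i]), tty_nr_anchored(samples[i]));
    return 0;
}
```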
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
sudo 1.8.16-0ubuntu1.6
sudo-ldap 1.8.16-0ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3968-1
CVE-2016-7076, CVE-2017-1000368
Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.6