sudo-1.9.7p2-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11413 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z sudo-1.9.7p2-1.4 on GA media These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11413 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11413 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2005-4158/ SUSE CVE CVE-2005-4158 page https://www.suse.com/security/cve/CVE-2014-9680/ SUSE CVE CVE-2014-9680 page https://www.suse.com/security/cve/CVE-2016-7032/ SUSE CVE CVE-2016-7032 page https://www.suse.com/security/cve/CVE-2016-7076/ SUSE CVE CVE-2016-7076 page https://www.suse.com/security/cve/CVE-2017-1000367/ SUSE CVE CVE-2017-1000367 page https://www.suse.com/security/cve/CVE-2017-1000368/ SUSE CVE CVE-2017-1000368 page https://www.suse.com/security/cve/CVE-2019-14287/ SUSE CVE CVE-2019-14287 page https://www.suse.com/security/cve/CVE-2019-18634/ SUSE CVE CVE-2019-18634 page https://www.suse.com/security/cve/CVE-2021-23239/ SUSE CVE CVE-2021-23239 page https://www.suse.com/security/cve/CVE-2021-23240/ SUSE CVE CVE-2021-23240 page https://www.suse.com/security/cve/CVE-2021-3156/ SUSE CVE CVE-2021-3156 page openSUSE Tumbleweed sudo-1.9.7p2-1.4 sudo-devel-1.9.7p2-1.4 sudo-plugin-python-1.9.7p2-1.4 sudo-test-1.9.7p2-1.4 sudo-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-devel-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-plugin-python-1.9.7p2-1.4 as a component of openSUSE Tumbleweed sudo-test-1.9.7p2-1.4 as a component of openSUSE Tumbleweed Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. CVE-2005-4158 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-4158.html CVE-2005-4158 https://bugzilla.suse.com/140300 SUSE Bug 140300 https://bugzilla.suse.com/145687 SUSE Bug 145687 https://bugzilla.suse.com/159599 SUSE Bug 159599 sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. CVE-2014-9680 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 6.2 AV:L/AC:M/Au:S/C:C/I:C/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9680.html CVE-2014-9680 https://bugzilla.suse.com/917806 SUSE Bug 917806 https://bugzilla.suse.com/919737 SUSE Bug 919737 https://bugzilla.suse.com/921999 SUSE Bug 921999 https://bugzilla.suse.com/953359 SUSE Bug 953359 sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. CVE-2016-7032 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7032.html CVE-2016-7032 https://bugzilla.suse.com/1007501 SUSE Bug 1007501 https://bugzilla.suse.com/1007766 SUSE Bug 1007766 https://bugzilla.suse.com/1011975 SUSE Bug 1011975 https://bugzilla.suse.com/1011976 SUSE Bug 1011976 sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. CVE-2016-7076 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7076.html CVE-2016-7076 https://bugzilla.suse.com/1007501 SUSE Bug 1007501 https://bugzilla.suse.com/1011975 SUSE Bug 1011975 https://bugzilla.suse.com/1011976 SUSE Bug 1011976 Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. CVE-2017-1000367 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-1000367.html CVE-2017-1000367 https://bugzilla.suse.com/1007501 SUSE Bug 1007501 https://bugzilla.suse.com/1039361 SUSE Bug 1039361 https://bugzilla.suse.com/1042146 SUSE Bug 1042146 https://bugzilla.suse.com/1077345 SUSE Bug 1077345 Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. CVE-2017-1000368 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-1000368.html CVE-2017-1000368 https://bugzilla.suse.com/1039361 SUSE Bug 1039361 https://bugzilla.suse.com/1042146 SUSE Bug 1042146 https://bugzilla.suse.com/1045986 SUSE Bug 1045986 In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. CVE-2019-14287 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14287.html CVE-2019-14287 https://bugzilla.suse.com/1153674 SUSE Bug 1153674 https://bugzilla.suse.com/1156093 SUSE Bug 1156093 In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. CVE-2019-18634 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18634.html CVE-2019-18634 https://bugzilla.suse.com/1162202 SUSE Bug 1162202 The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-23239.html CVE-2021-23239 https://bugzilla.suse.com/1171722 SUSE Bug 1171722 https://bugzilla.suse.com/1180684 SUSE Bug 1180684 selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. CVE-2021-23240 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-23240.html CVE-2021-23240 https://bugzilla.suse.com/1171722 SUSE Bug 1171722 https://bugzilla.suse.com/1180685 SUSE Bug 1180685 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVE-2021-3156 openSUSE Tumbleweed:sudo-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4 openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3156.html CVE-2021-3156 https://bugzilla.suse.com/1180684 SUSE Bug 1180684 https://bugzilla.suse.com/1181090 SUSE Bug 1181090 https://bugzilla.suse.com/1181506 SUSE Bug 1181506 https://bugzilla.suse.com/1181657 SUSE Bug 1181657 https://bugzilla.suse.com/1183936 SUSE Bug 1183936 https://bugzilla.suse.com/1218863 SUSE Bug 1218863 https://bugzilla.suse.com/1225623 SUSE Bug 1225623