Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 29 Sudo Update: FEDORA-2019-72755db9c7 Critical Privilege Escalation

fedora
Calendar Grey October 30, 2019
Dist Fedora Esm H88
Ubuntu 18.04 patch fixes a bug in user permissions that could lead to unauthorized system access. Ensure your device is protected with this critical fix.
* Rebase to 1.8.28 * Fixed CVE-2019-14287

Summary

Sudo (superuser do) allows a system administrator to give certain

users (or groups of users) the ability to run some (or all) commands

as root while logging all commands and arguments. Sudo operates on a

per-command basis. It is not a replacement for the shell. Features

include: the ability to restrict what commands a user may run on a

per-host basis, copious logging of each command (providing a clear

audit trail of who did what), a configurable timeout of the sudo

command, and the ability to use the same configuration file (sudoers)

on many different machines.

* Rebase to 1.8.28 * Fixed CVE-2019-14287

* Tue Oct 15 2019 Radovan Sroka - 1.8.28-1

- rebase to 1.8.28

Resolves: rhbz#1761533

- fixes CVE-2019-14287

- Privilege escalation via 'Runas' specification with 'ALL' keyword

Resolves: rhbz#1761584

* Mon Mar 11 2019 Radovan Sroka - 1.8.27-1

- rebase sudo to 1.8.27

* Mon Sep 10 2018 Radovan Sroka 1.8.25-1

- rebase sudo to latest stawble version

- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968)

[ 1 ] Bug #1761533 - sudo-1.8.28 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1761533

[ 2 ] Bug #1761584 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1761584

su -c 'dnf upgrade --advisory FEDORA-2019-72755db9c7' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security issue fedora critical privilege escalation update information sudo

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 1.8.28
Release: 1.fc29
URL: Summary : Allows restricted root access for specified users

Topics%20covered

Topics Covered

security advisory security issue fedora critical privilege escalation update information sudo

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here