Fedora 31: sudo FEDORA-2020-8b563bc5f4

    Date 05 Mar 2020
    Posted By LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-8b563bc5f4
    2020-03-06 02:21:35.887216
    --------------------------------------------------------------------------------
    
    Name        : sudo
    Product     : Fedora 31
    Version     : 1.9.0
    Release     : 0.1.b1.fc31
    URL         : https://www.courtesan.com/sudo/
    Summary     : Allows restricted root access for specified users
    Description :
    Sudo (superuser do) allows a system administrator to give certain
    users (or groups of users) the ability to run some (or all) commands
    as root while logging all commands and arguments. Sudo operates on a
    per-command basis.  It is not a replacement for the shell.  Features
    include: the ability to restrict what commands a user may run on a
    per-host basis, copious logging of each command (providing a clear
    audit trail of who did what), a configurable timeout of the sudo
    command, and the ability to use the same configuration file (sudoers)
    on many different machines.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    - update to latest development version 1.9.0b1
    - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages
      Resolves: rhbz#1787823
    - Stack-based buffer overflow when pwfeedback is enabled
      Resolves: rhbz#1796945
    - fixes: CVE-2019-18634
    - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account
      Resolves: rhbz#1786709
    - fixes CVE-2019-19234
    - attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
      Resolves: rhbz#1786705
    - fixes CVE-2019-19232
    - setrlimit(RLIMIT_CORE): Operation not permitted warning message fix
      Resolves: rhbz#1773148
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Feb 24 2020 Attila Lakatos  - 1.9.0-0.1.b1
    - update to latest development version 1.9.0b1
    - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages
    Resolves: rhbz#1787823
    - Stack-based buffer overflow when pwfeedback is enabled
    Resolves: rhbz#1796945
    - fixes: CVE-2019-18634 
    - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account
    Resolves: rhbz#1786709
    - fixes CVE-2019-19234
    - attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
    Resolves: rhbz#1786705
    - fixes CVE-2019-19232
    - setrlimit(RLIMIT_CORE): Operation not permitted warning message fix
    Resolves: rhbz#1773148
    * Mon Nov 11 2019 Radovan Sroka  - 1.8.29-1
    - rebase to 1.8.29
    Resolves: rhbz#1766233
    * Tue Oct 22 2019 Radovan Sroka  - 1.8.28p1-1
    - rebase to 1.8.28p1
    Resolves: rhbz#1762350
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1787823 - sudo-1.8.31 is available
            https://bugzilla.redhat.com/show_bug.cgi?id=1787823
      [ 2 ] Bug #1796945 - CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1796945
      [ 3 ] Bug #1786709 - CVE-2019-19234 sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer account [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1786709
      [ 4 ] Bug #1786705 - CVE-2019-19232 sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1786705
      [ 5 ] Bug #1773148 - sudo: setrlimit(RLIMIT_CORE): Operation not permitted
            https://bugzilla.redhat.com/show_bug.cgi?id=1773148
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-8b563bc5f4' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/
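
The CVE-2019-18634 overflow listed in the update information is tied to the sudoers `pwfeedback` option, so a useful check alongside the upgrade is whether any Defaults line turns it on. The following is an added example, not part of the Fedora advisory or the sudo project; the function names and the sample sudoers content are constructed for illustration, and backslash-continued lines are not handled.

```shell
#!/bin/sh
# Added example. List sudoers Defaults lines that enable pwfeedback.
# Output: "file:line: text" per hit. Exit status 0 if any hit, 1 if none.
pwfeedback_lines() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)      # drop comments, including commented-out Defaults
        if (line !~ /^[ \t]*Defaults[ \t:@>!]/) next
        # Remove the keyword plus any attached scope (:user, @host, >runas, !cmnd).
        sub(/^[ \t]*Defaults[^ \t]*[ \t]*/, "", line)
        n = split(line, opts, ",")
        for (i = 1; i <= n; i++) {
            o = opts[i]
            gsub(/^[ \t]+|[ \t]+$/, "", o)
            # "pwfeedback" turns the flag on; "!pwfeedback" turns it off
            # and is therefore not reported.
            if (o == "pwfeedback") {
                print FILENAME ":" FNR ": " $0
                found = 1
            }
        }
    }
    END { exit (found ? 0 : 1) }' "$@"
}

# Constructed sample input (not taken from any real system).
sample_sudoers() {
    cat <<'EOF'
# constructed sample sudoers
Defaults    env_reset
#Defaults   pwfeedback
Defaults    mail_badpass, pwfeedback
Defaults    !pwfeedback
Defaults:alice pwfeedback
%wheel ALL=(ALL) ALL
EOF
}

# Demo on the constructed sample; on a live system pass the real files,
# e.g. pwfeedback_lines /etc/sudoers /etc/sudoers.d/*  (needs read access).
tmp=$(mktemp) && sample_sudoers > "$tmp" && { pwfeedback_lines "$tmp" || true; }
rm -f "$tmp"
```

A later `!pwfeedback` can override an earlier entry, so treat each reported line as a prompt to review the file rather than as the effective setting.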
    
