Mageia Advisory: 2020-0081 Moderate Sudo Buffer Overflow Vulnerability
mageia
February 9, 2020
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileg...
Summary
The updated packages fix a security vulnerability:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in Linux Mint and elementary OS; however,
it is NOT the default for upstream and many other packages, and would exist
only if enabled by an administrator.) The attacker needs to deliver a long
string to the stdin of getln() in tgetpass.c. (CVE-2019-18634)
References
- https://bugs.mageia.org/show_bug.cgi?id=26155
- - https://www.openwall.com/lists/oss-security/2020/01/30/6
- - https://www.cve.org/CVERecord?id=CVE-2019-18634
Topics Covered
Resolution
SRPMS
- 7/core/sudo-1.8.28-1.1.mga7
PREVIOUS 
NEXT Publication date: 09 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0081.html
Type: security
CVE: CVE-2019-18634
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!