Linux Security

    Slackware: 2020-031-01: sudo Security Update

    Date 31 Jan 2020
    Posted By LinuxSecurity Advisories
    New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    [slackware-security]  sudo (SSA:2020-031-01)
    
    New sudo packages are available for Slackware 14.0, 14.1, 14.2,
    and -current to fix a security issue.
    
    
    Here are the details from the Slackware 14.2 ChangeLog:
    +--------------------------+
    patches/packages/sudo-1.8.31-i586-1_slack14.2.txz:  Upgraded.
      This update fixes a security issue:
      In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
      trigger a stack-based buffer overflow in the privileged sudo process.
      (pwfeedback is a default setting in some Linux distributions; however, it
      is not the default for upstream or in Slackware, and would exist only if
      enabled by an administrator.) The attacker needs to deliver a long string
      to the stdin of getln() in tgetpass.c.
      For more information, see:
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
      (* Security fix *)
    +--------------------------+
    
    
    Where to find the new packages:
    +-----------------------------+
    
    Thanks to the friendly folks at the OSU Open Source Lab
    (https://osuosl.org) for donating FTP and rsync hosting
    to the Slackware project!  :-)
    
    Also see the "Get Slack" section on https://slackware.com for
    additional mirror sites near you.
    
    Updated package for Slackware 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.31-i486-1_slack14.0.txz
    
    Updated package for Slackware x86_64 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.31-x86_64-1_slack14.0.txz
    
    Updated package for Slackware 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.31-i486-1_slack14.1.txz
    
    Updated package for Slackware x86_64 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.31-x86_64-1_slack14.1.txz
    
    Updated package for Slackware 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.8.31-i586-1_slack14.2.txz
    
    Updated package for Slackware x86_64 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.8.31-x86_64-1_slack14.2.txz
    
    Updated package for Slackware -current:
    ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.31-i586-1.txz
    
    Updated package for Slackware x86_64 -current:
    ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.31-x86_64-1.txz
    
    
    MD5 signatures:
    +-------------+
    
    Slackware 14.0 package:
    3a11f049390127f33463fa417e1fa056  sudo-1.8.31-i486-1_slack14.0.txz
    
    Slackware x86_64 14.0 package:
    062c43b8fe45b3ee9b8266c55d205886  sudo-1.8.31-x86_64-1_slack14.0.txz
    
    Slackware 14.1 package:
    47d24d47ba52cf740ab2d272abd5aac7  sudo-1.8.31-i486-1_slack14.1.txz
    
    Slackware x86_64 14.1 package:
    5132fffc0dff049e181742308ff01bee  sudo-1.8.31-x86_64-1_slack14.1.txz
    
    Slackware 14.2 package:
    afe33f494b86169f3164a65ac63f7585  sudo-1.8.31-i586-1_slack14.2.txz
    
    Slackware x86_64 14.2 package:
    cdcb11096268b5f6b9eb1f6bcefdbb4d  sudo-1.8.31-x86_64-1_slack14.2.txz
    
    Slackware -current package:
    f9d32384c3d4aafbb7e2bef19d36810b  ap/sudo-1.8.31-i586-1.txz
    
    Slackware x86_64 -current package:
    f2d91e52d9e02ae701cabfd2f586ff07  ap/sudo-1.8.31-x86_64-1.txz
    
    
    Installation instructions:
    +------------------------+
    
    Upgrade the package as root:
    # upgradepkg sudo-1.8.31-i586-1_slack14.2.txz
    
    
    +-----+
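
The advisory names two conditions for exposure: a sudo version before 1.8.31 and pwfeedback enabled in sudoers. The script below is an added example, not part of the Slackware advisory, that checks a host for both; the function names are hypothetical and /etc/sudoers.d is an assumed include directory.

```shell
#!/bin/sh
# Added example (not part of the advisory): report whether this host meets both
# conditions the advisory names: sudo before 1.8.31 AND pwfeedback enabled.

# version_lt A B: succeed if version A is lower than B. Compares dot-separated
# numeric fields; a patch suffix such as "p2" is dropped before comparing.
version_lt() {
    printf '%s %s\n' "$1" "$2" | awk '{
        sub(/[^0-9.].*$/, "", $1); sub(/[^0-9.].*$/, "", $2)
        n = split($1, a, "."); m = split($2, b, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (a[i] + 0 < b[i] + 0) exit 0
            if (a[i] + 0 > b[i] + 0) exit 1
        }
        exit 1
    }'
}

# pwfeedback_lines FILE...: print each Defaults line that turns pwfeedback on.
# Comment lines and the negated form "!pwfeedback" are skipped. Conservative:
# a later "Defaults !pwfeedback" override is not modelled, so review each hit.
pwfeedback_lines() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*Defaults/ {
            opts = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", opts)
            if (opts ~ /(^|[ \t,])pwfeedback([ \t,]|$)/) print FILENAME ": " $0
        }
    ' "$@"
}

# check_host: apply both tests to the local system. Needs root, because the
# sudoers files are not world-readable. /etc/sudoers.d is an assumed path.
check_host() {
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    [ -n "$ver" ] || { echo "sudo not found"; return 2; }
    [ -r /etc/sudoers ] || { echo "cannot read /etc/sudoers (run as root)"; return 2; }
    hits=$(pwfeedback_lines /etc/sudoers /etc/sudoers.d/* 2>/dev/null)
    if version_lt "$ver" 1.8.31 && [ -n "$hits" ]; then
        echo "EXPOSED: sudo $ver with pwfeedback enabled:"; echo "$hits"
        return 1
    fi
    echo "OK: sudo $ver, pwfeedback hits: ${hits:-none}"
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Invoke the script with `--check` as root; a host that reports pwfeedback hits on an older sudo should be upgraded with the package listed above, or have the setting removed from sudoers until it is.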
    
