Slackware: 2020-031-01: sudo Security Update

    Date: 31 Jan 2020
    Posted By: LinuxSecurity Advisories
    New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    [slackware-security]  sudo (SSA:2020-031-01)
    
    New sudo packages are available for Slackware 14.0, 14.1, 14.2,
    and -current to fix a security issue.
    
    
    Here are the details from the Slackware 14.2 ChangeLog:
    +--------------------------+
    patches/packages/sudo-1.8.31-i586-1_slack14.2.txz:  Upgraded.
      This update fixes a security issue:
      In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
      trigger a stack-based buffer overflow in the privileged sudo process.
      (pwfeedback is a default setting in some Linux distributions; however, it
      is not the default for upstream or in Slackware, and would exist only if
      enabled by an administrator.) The attacker needs to deliver a long string
      to the stdin of getln() in tgetpass.c.
      For more information, see:
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
      (* Security fix *)
    +--------------------------+
    
    
    Where to find the new packages:
    +-----------------------------+
    
    Thanks to the friendly folks at the OSU Open Source Lab
    (http://osuosl.org) for donating FTP and rsync hosting
    to the Slackware project!  :-)
    
    Also see the "Get Slack" section on http://slackware.com for
    additional mirror sites near you.
    
    Updated package for Slackware 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.31-i486-1_slack14.0.txz
    
    Updated package for Slackware x86_64 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.31-x86_64-1_slack14.0.txz
    
    Updated package for Slackware 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.31-i486-1_slack14.1.txz
    
    Updated package for Slackware x86_64 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.31-x86_64-1_slack14.1.txz
    
    Updated package for Slackware 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.8.31-i586-1_slack14.2.txz
    
    Updated package for Slackware x86_64 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.8.31-x86_64-1_slack14.2.txz
    
    Updated package for Slackware -current:
    ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.31-i586-1.txz
    
    Updated package for Slackware x86_64 -current:
    ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.31-x86_64-1.txz
    
    
    MD5 signatures:
    +-------------+
    
    Slackware 14.0 package:
    3a11f049390127f33463fa417e1fa056  sudo-1.8.31-i486-1_slack14.0.txz
    
    Slackware x86_64 14.0 package:
    062c43b8fe45b3ee9b8266c55d205886  sudo-1.8.31-x86_64-1_slack14.0.txz
    
    Slackware 14.1 package:
    47d24d47ba52cf740ab2d272abd5aac7  sudo-1.8.31-i486-1_slack14.1.txz
    
    Slackware x86_64 14.1 package:
    5132fffc0dff049e181742308ff01bee  sudo-1.8.31-x86_64-1_slack14.1.txz
    
    Slackware 14.2 package:
    afe33f494b86169f3164a65ac63f7585  sudo-1.8.31-i586-1_slack14.2.txz
    
    Slackware x86_64 14.2 package:
    cdcb11096268b5f6b9eb1f6bcefdbb4d  sudo-1.8.31-x86_64-1_slack14.2.txz
    
    Slackware -current package:
    f9d32384c3d4aafbb7e2bef19d36810b  ap/sudo-1.8.31-i586-1.txz
    
    Slackware x86_64 -current package:
    f2d91e52d9e02ae701cabfd2f586ff07  ap/sudo-1.8.31-x86_64-1.txz
    
    
    Installation instructions:
    +------------------------+
    
    Upgrade the package as root:
    # upgradepkg sudo-1.8.31-i586-1_slack14.2.txz
    
    
    +-----+
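
The ChangeLog entry above names two conditions for exposure: a sudo version before 1.8.31 and pwfeedback enabled in sudoers. The following check for both is an added example, not part of the Slackware advisory; the function names are hypothetical and the sudoers text is assumed to arrive on stdin.

```shell
# Added example (not from the advisory): check the two conditions it names.

# Succeeds if the sudo version in $1 is older than 1.8.31.
sudo_version_is_old() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')    # "1.8.31p2" -> "1.8.31"
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 8 ] && return 0
    [ "$minor" -gt 8 ] && return 1
    [ "$patch" -lt 31 ]
}

# Succeeds if the sudoers text on stdin leaves pwfeedback enabled.
# Simplification: scoped entries (Defaults:user, ...) count as global; last setting wins.
pwfeedback_enabled() {
    awk '
        { sub(/#.*/, "") }                            # drop comments
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }  # join continued lines
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*Defaults/ {
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opt, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opt[i])
                if (opt[i] == "pwfeedback")  on = 1
                if (opt[i] == "!pwfeedback") on = 0
            }
        }
        END { exit(on ? 0 : 1) }
    '
}

# Verdict for one host: $1 is the sudo version, sudoers text comes on stdin.
audit_sudo() {
    if ! sudo_version_is_old "$1"; then
        echo "ok: sudo $1 is 1.8.31 or later"; return 0
    fi
    if pwfeedback_enabled; then
        echo "EXPOSED: sudo $1 with pwfeedback enabled"; return 1
    fi
    echo "upgrade: sudo $1 predates 1.8.31, pwfeedback not enabled"
}

# Constructed sample input, not taken from a real host.
printf 'Defaults env_reset, pwfeedback\n' | audit_sudo 1.8.27 || true
```

On a live host, run it as root with the real inputs, for example `audit_sudo "$(sudo -V | sed -n '1s/.*version //p')" < /etc/sudoers`, and append any included sudoers files to the input.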
    