
Slackware: 2020-031-01 Critical: Sudo Buffer Overflow Exploit

January 31, 2020
Recent updates for Slackware include new sudo packages that fix a severe buffer overflow vulnerability, enhancing overall system safety.
New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Summary

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/sudo-1.8.31-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in some Linux distributions; however, it is not the default for upstream or in Slackware, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
For more information, see: https://www.cve.org/CVERecord?id=CVE-2019-18634
(* Security fix *)
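
A defender's triage of the condition described in the ChangeLog entry, as an added example that is not part of the Slackware advisory or the sudo project: it reports whether a sudo version predates 1.8.31 and whether pwfeedback ends up enabled in sudoers text. The function names, the verdict strings and the simplified sudoers parsing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: static triage for the pwfeedback overflow fixed in sudo 1.8.31.
# Assumption: simplified sudoers parsing. Only "Defaults" lines are read
# (scoped forms such as Defaults:user included) and the last setting wins;
# line continuations and include files are not followed.

# Reads sudoers text on stdin; exit status 0 if pwfeedback ends up enabled.
pwfeedback_enabled() {
    awk '
        { sub(/^#.*/, ""); sub(/[ \t]#.*/, "") }     # drop comments
        $1 ~ /^Defaults/ {
            line = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opt, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opt[i])
                if (opt[i] == "pwfeedback")  state = 1
                if (opt[i] == "!pwfeedback") state = 0
            }
        }
        END { exit(state ? 0 : 1) }
    '
}

# Exit status 0 if the version string is 1.8.31 or later (the fixed release).
sudo_version_fixed() {
    v=${1%%[!0-9.]*}                  # "1.8.31p1" -> "1.8.31"
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -gt 1 ] && return 0
    [ "$maj" -lt 1 ] && return 1
    [ "$min" -gt 8 ] && return 0
    [ "$min" -lt 8 ] && return 1
    [ "$pat" -ge 31 ]
}

# Prints a verdict for a version string ($1) plus sudoers text on stdin.
triage() {
    if sudo_version_fixed "$1"; then echo "patched"
    elif pwfeedback_enabled; then echo "exposed"
    else echo "unpatched-pwfeedback-off"
    fi
}

# Constructed sample input, not taken from a real host.
SAMPLE_SUDOERS='Defaults env_reset, pwfeedback
root ALL=(ALL) ALL'
printf '%s\n' "$SAMPLE_SUDOERS" | triage 1.8.30
```

On a real host, the version string is the third field of the first line of `sudo -V`, and the sudoers text has to be read as root.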

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 3a11f049390127f33463fa417e1fa056 sudo-1.8.31-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 062c43b8fe45b3ee9b8266c55d205886 sudo-1.8.31-x86_64-1_slack14.0.txz
Slackware 14.1 package: 47d24d47ba52cf740ab2d272abd5aac7 sudo-1.8.31-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 5132fffc0dff049e181742308ff01bee sudo-1.8.31-x86_64-1_slack14.1.txz
Slackware 14.2 package: afe33f494b86169f3164a65ac63f7585 sudo-1.8.31-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: cdcb11096268b5f6b9eb1f6bcefdbb4d sudo-1.8.31-x86_64-1_slack14.2.txz
Slackware -current package: f9d32384c3d4aafbb7e2bef19d36810b ap/sudo-1.8.31-i586-1.txz
Slackware x86_64 -current package: f2d91e52d9e02ae701cabfd2f586ff07 ap/sudo-1.8.31-x86_64-1.txz

Severity
critical


Installation Instructions

Upgrade the package as root:
# upgradepkg sudo-1.8.31-i586-1_slack14.2.txz
