Slackware: 2023-018-01: sudo Security Update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  sudo (SSA:2023-018-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.9.12p2-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
  a malicious user with sudoedit privileges to edit arbitrary files.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-22809
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.9.12p2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.9.12p2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.9.12p2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.9.12p2-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.9.12p2-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.12p2-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/sudo-1.9.12p2-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.9.12p2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.9.12p2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
4d4b24f050b89400fce402c655422e74  sudo-1.9.12p2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
b34d668a8a66a846a3aca4fec74619ba  sudo-1.9.12p2-x86_64-1_slack14.0.txz

Slackware 14.1 package:
3cebfe330aab0609ccdde79ebd33f5aa  sudo-1.9.12p2-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
598307f0579e39ff6f8a667b258b8f90  sudo-1.9.12p2-x86_64-1_slack14.1.txz

Slackware 14.2 package:
4c0a735368c82198ea5773a6cd59cbd4  sudo-1.9.12p2-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7557e0b8e0ddc19d03dd45bbed2fbbd0  sudo-1.9.12p2-x86_64-1_slack14.2.txz

Slackware 15.0 package:
98ce4237ac13514fbbf14d4c409ea038  sudo-1.9.12p2-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
04ca46323bf4dd7f1e730bf3a08e31d0  sudo-1.9.12p2-x86_64-1_slack15.0.txz

Slackware -current package:
b4fe37ea6c0bbe5c6a1790bbda9898b4  ap/sudo-1.9.12p2-i586-1.txz

Slackware x86_64 -current package:
50de6695ee8c294c8080c8c7114aae48  ap/sudo-1.9.12p2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg sudo-1.9.12p2-i586-1_slack15.0.txz


+-----+

Slackware: 2023-018-01: sudo Security Update

January 19, 2023
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sudo-1.9.12p2-i586-1_slack15.0.txz: Upgraded. This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-22809 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.9.12p2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.9.12p2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.9.12p2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.9.12p2-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.9.12p2-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.12p2-x86_64-1_slack14.2.txz
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/sudo-1.9.12p2-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.9.12p2-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.9.12p2-x86_64-1.txz

MD5 Signatures

Slackware 14.0 package: 4d4b24f050b89400fce402c655422e74 sudo-1.9.12p2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b34d668a8a66a846a3aca4fec74619ba sudo-1.9.12p2-x86_64-1_slack14.0.txz
Slackware 14.1 package: 3cebfe330aab0609ccdde79ebd33f5aa sudo-1.9.12p2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 598307f0579e39ff6f8a667b258b8f90 sudo-1.9.12p2-x86_64-1_slack14.1.txz
Slackware 14.2 package: 4c0a735368c82198ea5773a6cd59cbd4 sudo-1.9.12p2-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 7557e0b8e0ddc19d03dd45bbed2fbbd0 sudo-1.9.12p2-x86_64-1_slack14.2.txz
Slackware 15.0 package: 98ce4237ac13514fbbf14d4c409ea038 sudo-1.9.12p2-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 04ca46323bf4dd7f1e730bf3a08e31d0 sudo-1.9.12p2-x86_64-1_slack15.0.txz
Slackware -current package: b4fe37ea6c0bbe5c6a1790bbda9898b4 ap/sudo-1.9.12p2-i586-1.txz
Slackware x86_64 -current package: 50de6695ee8c294c8080c8c7114aae48 ap/sudo-1.9.12p2-x86_64-1.txz

Severity
[slackware-security] sudo (SSA:2023-018-01)
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg sudo-1.9.12p2-i586-1_slack15.0.txz

News

Advisories

HOWTOs

Features

A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy