-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  sudo (SSA:2023-311-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.9.15-i586-1_slack15.0.txz:  Upgraded.
  The sudoers plugin has been modified to make it more resilient to ROWHAMMER
  attacks on authentication and policy matching.
  The sudoers plugin now constructs the user time stamp file path name using
  the user-ID instead of the user name. This avoids a potential problem with
  user names that contain a path separator ('/') being interpreted as part of
  the path name.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42465
    https://www.cve.org/CVERecord?id=CVE-2023-42456
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware 15.0:

Updated package for Slackware x86_64 15.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.0 package:
41eaa419c635bcc57b5fbdc5721bb35f  sudo-1.9.15-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
414ed3ca815363445f81161872cf8fc9  sudo-1.9.15-x86_64-1_slack14.0.txz

Slackware 14.1 package:
2d6c30e0c80a8ee87d2598df5df56dc8  sudo-1.9.15-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
0a42f5a17f76f2c38bfdd6f654dd1360  sudo-1.9.15-x86_64-1_slack14.1.txz

Slackware 14.2 package:
1d5b5d3432033dea48549612546a5aa4  sudo-1.9.15-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
eb20f940540160ad2f9fc8ac4aa90a39  sudo-1.9.15-x86_64-1_slack14.2.txz

Slackware 15.0 package:
816e1d885ff9c4f3f241cd7601f9c476  sudo-1.9.15-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
8274b3b03bd735ca8ae14a6c3a658127  sudo-1.9.15-x86_64-1_slack15.0.txz

Slackware -current package:
893214566e3e9dbeb80bae0a0b08ec20  ap/sudo-1.9.15-i586-1.txz

Slackware x86_64 -current package:
8788eee56c97fde7df4f02dc9d22673c  ap/sudo-1.9.15-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg sudo-1.9.15-i586-1_slack15.0.txz


+-----+

Slackware: 2023-311-01: sudo Security Update

November 7, 2023
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sudo-1.9.15-i586-1_slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42465 https://www.cve.org/CVERecord?id=CVE-2023-42456 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 41eaa419c635bcc57b5fbdc5721bb35f sudo-1.9.15-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 414ed3ca815363445f81161872cf8fc9 sudo-1.9.15-x86_64-1_slack14.0.txz
Slackware 14.1 package: 2d6c30e0c80a8ee87d2598df5df56dc8 sudo-1.9.15-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 0a42f5a17f76f2c38bfdd6f654dd1360 sudo-1.9.15-x86_64-1_slack14.1.txz
Slackware 14.2 package: 1d5b5d3432033dea48549612546a5aa4 sudo-1.9.15-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: eb20f940540160ad2f9fc8ac4aa90a39 sudo-1.9.15-x86_64-1_slack14.2.txz
Slackware 15.0 package: 816e1d885ff9c4f3f241cd7601f9c476 sudo-1.9.15-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 8274b3b03bd735ca8ae14a6c3a658127 sudo-1.9.15-x86_64-1_slack15.0.txz
Slackware -current package: 893214566e3e9dbeb80bae0a0b08ec20 ap/sudo-1.9.15-i586-1.txz
Slackware x86_64 -current package: 8788eee56c97fde7df4f02dc9d22673c ap/sudo-1.9.15-x86_64-1.txz

Severity
[slackware-security] sudo (SSA:2023-311-01)
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg sudo-1.9.15-i586-1_slack15.0.txz

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo