Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisoryred hatsystem managementRed Hat Enterprise Linux 7.7: RHSA-2021-0222 Important: Sudo Heap Overflow
An update for sudo is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0222-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0222 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes thechanges described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: sudo-1.8.23-4.el7_7.3.src.rpm x86_64: sudo-1.8.23-4.el7_7.3.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): x86_64: sudo-debuginfo-1.8.23-4.el7_7.3.i686.rpm sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm sudo-devel-1.8.23-4.el7_7.3.i686.rpm sudo-devel-1.8.23-4.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: sudo-1.8.23-4.el7_7.3.src.rpm ppc64: sudo-1.8.23-4.el7_7.3.ppc64.rpm sudo-debuginfo-1.8.23-4.el7_7.3.ppc64.rpm ppc64le: sudo-1.8.23-4.el7_7.3.ppc64le.rpm sudo-debuginfo-1.8.23-4.el7_7.3.ppc64le.rpm s390x: sudo-1.8.23-4.el7_7.3.s390x.rpm sudo-debuginfo-1.8.23-4.el7_7.3.s390x.rpm x86_64: sudo-1.8.23-4.el7_7.3.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.7): ppc64: sudo-debuginfo-1.8.23-4.el7_7.3.ppc.rpm sudo-debuginfo-1.8.23-4.el7_7.3.ppc64.rpm sudo-devel-1.8.23-4.el7_7.3.ppc.rpm sudo-devel-1.8.23-4.el7_7.3.ppc64.rpm ppc64le: sudo-debuginfo-1.8.23-4.el7_7.3.ppc64le.rpm sudo-devel-1.8.23-4.el7_7.3.ppc64le.rpm s390x: sudo-debuginfo-1.8.23-4.el7_7.3.s390.rpm sudo-debuginfo-1.8.23-4.el7_7.3.s390x.rpm sudo-devel-1.8.23-4.el7_7.3.s390.rpm sudo-devel-1.8.23-4.el7_7.3.s390x.rpm x86_64: sudo-debuginfo-1.8.23-4.el7_7.3.i686.rpm sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm sudo-devel-1.8.23-4.el7_7.3.i686.rpm sudo-devel-1.8.23-4.el7_7.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBB99tzjgjWX9erEAQgQVQ//X+Q+jvAdxYbN9ruIQ3Jo6JJiWPeNgTlP BoC3V9xSxcGwug3b4CULSguc5WXJSSVPgaCX2qEM0UcqRH4FBnWjrCT/yYJItO/z wS59/V87IKzrgXFwo5hUEJylzjrFaDNGUG6+CAZ0Tdrn/esJn7juIhWJmPpJwwAW ecvSc+8Sfqw0YZnXoMK9vrzYzSgw6w+qMBZvPLAp2sU0/AbS/ZbALstu3YD/plpV TjkfrUoysx9Be7U8cT5pypzMTMtsrLngcUnMKUg2XsiblNFlVZ1s5XmuMB3mmhVM S87Q/ooV+cdKizCs0vVVzlMDYSDgJoxGExiR+A2WjmrxZuf5D2/DW59OpMyyIQBB /Qlz6PWhQis9B+RsMHbE8eYUtIKaLm162wjQ+zSeyQombOWy1sNtMLL7ulZMoU3F hnkq6by3mn6iVorkRPIpRLD1lNnrdNIGLuNowKUTza8kRgL4zrXBypl+m+k8z38P GK2Svl+VblTaSQXLns8WV5hv4b2EvRWkY1rJ5iU6+JOCRg4cvy2E5VoFQFLSs02z Lftry/YcnPl4XzJOlI3+uSD/oENN8EqGKNrxaKjdfEfgbBQbUkX5OeUGDMO41Qb1 EVE8TVHhNqyVHdjeHS/4cC/gHaJVOKRmkwXxd2XyUsAI4j8pMZBVgdd9LnnwmhGk ymZ0tXTXCjg=mSfw -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 26, 2021
•Important
Red Hat
98
security advisoryRed HatRed Hat Enterprise LinuxRHEL 8.1: RHSA-2021-0220-01 Important Heap Overflow in Sudo
An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0220-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0220 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6.Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.1): Source: sudo-1.8.25p1-8.el8_1.2.src.rpm aarch64: sudo-1.8.25p1-8.el8_1.2.aarch64.rpm sudo-debuginfo-1.8.25p1-8.el8_1.2.aarch64.rpm sudo-debugsource-1.8.25p1-8.el8_1.2.aarch64.rpm ppc64le: sudo-1.8.25p1-8.el8_1.2.ppc64le.rpm sudo-debuginfo-1.8.25p1-8.el8_1.2.ppc64le.rpm sudo-debugsource-1.8.25p1-8.el8_1.2.ppc64le.rpm s390x: sudo-1.8.25p1-8.el8_1.2.s390x.rpm sudo-debuginfo-1.8.25p1-8.el8_1.2.s390x.rpm sudo-debugsource-1.8.25p1-8.el8_1.2.s390x.rpm x86_64: sudo-1.8.25p1-8.el8_1.2.x86_64.rpm sudo-debuginfo-1.8.25p1-8.el8_1.2.x86_64.rpm sudo-debugsource-1.8.25p1-8.el8_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBBu9dzjgjWX9erEAQjNYQ/+OnsOQSJRzj4ae6FTOViCnkBTg28Y0I+M ZG/Z2fW45vMpfHkXjTjPcBC1WlSu7PpT2YxPHbI/as2rhO2qstTRBMuWlBREx4Bl fVj/EMiAOIW4SrToVRWfcQ0gOS0Xv+vcdtmGD9eiw4goTjXD2tDG0eAu44w+irGE 0u+c3T/UQFSSwWIGOoWjgQA9WHEwI3O8B2rgMDaSDswPQjuxtO/8eWjG4rQm6qsd 14b0FfeBHUycEnrGw224Bzt0ZzClMypfkwzRThvbvsmt/BvMmNlHt1pFDTOSzn1h B3Luwi67COIekCmq+qbAErUHdc+6nprxDJhYzMFtmXNMNXSsMVbWUKv/+zr4H9KW Y2Ca7cF1tA+xbkdE4ihaW+ODeqXa4ndXcs8libNH91qzGdIPKh4FRsJTtQctEh+I uiUfFSjUrdjWhh+mbZsi8w2YfDDE0CsxupoMl9TheCOrKS0qS8/nhb9ieLqEL8tN OS2I18pt4TmQp4MORqPGjSPpcAuq3bJQXzFLD8/MCBOt0zNn/kOtkE571xbvqmou i59wU8KI2mN21ksGJUd6ZIu9Nqe1MNbbuI8gNdivbKkfVA336yh6FVypISLXqPHB jedj4caKHec+5XX6edRdioJemUZLyiI1B5MMN+ubAnzmGmpKnakwkzIZloAYB1fL MoOYNzDw9JE=Kfq4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 26, 2021
•Important
Red Hat
98
security advisorysecurity issuebug fixRedHat: RHSA-2020-1804 Moderate: Sudo Bug Fix and Security Issue
An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: sudo security, bug fix, and enhancement update Advisory ID: RHSA-2020:1804-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1804 Issue date: 2020-04-28 CVE Names: CVE-2019-19232 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. The following packages have been upgraded to a later upstream version: sudo (1.8.29). (BZ#1733961) Security Fix(es): * sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user (CVE-2019-19232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the RedHat Enterprise Linux 8.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1679508 - sudo does not work with notbefore/after using sssd 1715516 - sudo-1.8.19p2-10.el7.x86_64 NOTBEFORE showing value of sudoNotAfter Ldap attribute 1733961 - Rebase SUDO to the latest upstream version 1786704 - CVE-2019-19232 sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user 1796518 - [RFE] add optional check for the target user shell 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: sudo-1.8.29-5.el8.src.rpm aarch64: sudo-1.8.29-5.el8.aarch64.rpm sudo-debuginfo-1.8.29-5.el8.aarch64.rpm sudo-debugsource-1.8.29-5.el8.aarch64.rpm ppc64le: sudo-1.8.29-5.el8.ppc64le.rpm sudo-debuginfo-1.8.29-5.el8.ppc64le.rpm sudo-debugsource-1.8.29-5.el8.ppc64le.rpm s390x: sudo-1.8.29-5.el8.s390x.rpm sudo-debuginfo-1.8.29-5.el8.s390x.rpm sudo-debugsource-1.8.29-5.el8.s390x.rpm x86_64: sudo-1.8.29-5.el8.x86_64.rpm sudo-debuginfo-1.8.29-5.el8.x86_64.rpm sudo-debugsource-1.8.29-5.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19232 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXqhWVtzjgjWX9erEAQgv3w/7B/p/c9Gaxm1Vj2LvD/83EtB3QjU6dlwB g7Ax1T/FaTrZPnKldgncHslQMgzDcCs1bjXZjh+MkbL4letynzxAwBjGm9n/IwRI crS4pJO0zfwwYTRMfcw7mCrrOEngvNhvyz/eDPu8phxU8rJk0SplpRgQyChfOEXG rGyI1bg/hcB5qXwgUmCylJH10d+MMF6lTe7PvlK1aW4UCD3OV6+Mp9hFD+1SyZr5 V8OeMlI0H9uVMxVha9YeCcsGmW++hycuIwLP/r41/oaS87DKzRffb9dZ6ucFY15J 41G5Ybe1BpLqfR1YOoJYp7qaF9MUqcRxvf4+EOJORFIaIr2hNfQ+ntSmGeF8c/KS 45DN/ZMSXd/LvNuu0XhUtlBWEIU5APitXaZDJqQKGI8dRONJO01I6dqUlXVnFfyX NLyTUflGWjzFN5TGvnP6gVl1VVKn25VzmB2dBqzvO3piCL3cemF1eG3XXrHBLT/q jxvrNjnOsz/4R6yYHrfpZgOn0+y6dG/JET5tXHk+iuaxvwsEMLY2KWOvexr7EdF8 7rii9wr/I09vIu5FxnzMAY8BAda0Xjs32koewAH+ApASrQdYnI3+q5/5KImty6rZ Mv3QcCddnTCPC2wqyerJbtFqCSuClpEDEvKHC6pxjrODPXdnTOUidIZKq/h64hSK 4cx4QCs4LII=2kMP -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 28, 2020
Red Hat
98
security advisorysecurity updateRed Hat PowertoolsRed Hat Powertools RHSA-2002:072-07 Critical: Local Root Exploit Fix
Updated sudo packages are available which fix a local root exploit.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated sudo packages are available Advisory ID: RHSA-2002:072-07 Issue date: 2002-04-22 Updated on: 2002-04-25 Product: Red Hat Powertools Keywords: sudo off-by-five heap local root Cross references: RHSA-2002:071 Obsoletes: RHSA-2002:013 --------------------------------------------------------------------- 1. Topic: Updated sudo packages are available which fix a local root exploit. 2. Relevant releases/architectures: Red Hat Powertools 6.2 - alpha, i386, sparc 3. Problem description: The sudo (superuser do) utility allows a system administrator to give certain users the ability to run commands as root with logging. Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can be exploited to allow a local attacker to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0184 to this issue. Users of Sudo are advised to upgrade to these errata packages which are not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive processthat will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Powertools 6.2: SRPMS: alpha: i386: sparc: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 396232986eee0e931507052c618ded11 6.2/en/powertools/SRPMS/sudo-1.6.5p2-1.6x.1.src.rpm 0cf88c95cefdfaa6d442b1165ade110d 6.2/en/powertools/alpha/sudo-1.6.5p2-1.6x.1.alpha.rpm be8e7188bf17c3e30dd563c77bf42d72 6.2/en/powertools/i386/sudo-1.6.5p2-1.6x.1.i386.rpm 425255b31999a3172e6b3d6a5282427f 6.2/en/powertools/sparc/sudo-1.6.5p2-1.6x.1.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: CVE -CVE-2002-0184 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. `. Updated sudo application addresses local privilege escalation flaws on Red Hat Powertools, enhancing system security. Prompt upgrade recommended.. Red Hat Powertools, Sudo Exploit, Local Access, Security Update, System Security. . Severity: Critical. LinuxSecurity.com Team
Apr 25, 2002
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!