38 matches found
MGASA-2021-0056 Updated sudo packages fix security vulnerability
A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is no...
Important Photon OS Security Update - PHSA-2021-3.0-0188
Updates of 'sudo' packages of Photon OS have been released...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
NewStart CGSL MAIN 4.05 : sudo Vulnerability (NS-SA-2020-0047)
The remote NewStart CGSL host, running version MAIN 4.05, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default...
MGASA-2020-0246 Updated sudo packages fix security vulnerability
Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact ...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
MGASA-2019-0298 Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. CVE-2019-14287...
MGASA-2017-0207 Updated sudo packages fix security vulnerability
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367...
Updated sudo packages fix security vulnerability
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
MGASA-2016-0389 Updated sudo packages fix security vulnerability
It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...
Updated sudo packages fix security vulnerability
A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve to execute the binary. This results in a race condition if the digest functionalit...
MGASA-2016-0261 Updated sudo packages fix security vulnerability
A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve to execute the binary. This results in a race condition if the digest functionalit...
Oracle Linux 6 : sudo (ELSA-2015-1409)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1409 advisory. - RHEL-6.7 erratum - added patch for CVE-2014-9680 - added BuildRequires for tzdata Resolves: rhbz1200253 Tenable has extracted the preceding description block...
[SECURITY] [DSA 031-2] New sudo packages for powerpc available
---------------------------------------------------------------------------- Debian Security Advisory DSA-031-2 [email protected] http://www.debian.org/security/ Martin Schulze March 6, 2001 - ---------------------------------------------------------------------------- Package : sudo...