4 matches found

OSV
added 2021/01/28 11:2 a.m., 2 views

OESA-2021-1002 sudo security update

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password)...

CVSS 7.8 | AI score 7.8 | EPSS 0.99305
Exploits 83 | References 4
RedhatCVE
added 2021/01/26 7:51 p.m., 50 views

CVE-2021-3156

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw coul...

CVSS 7.8 | AI score 0.5 | EPSS 0.99305
Exploits 81 | References 5
RedhatCVE
added 2017/06/06 12:49 p.m., 30 views

CVE-2017-1000368

It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...

CVSS 8.2 | AI score 4.3 | EPSS 0.08018
Exploits 8 | References 2
Tenable Nessus
added 2016/12/07 12:0 a.m., 31 views

OracleVM 3.3 / 3.4 : sudo (OVMSA-2016-0170)

The remote OracleVM system is missing necessary patches to address critical security updates : - Update noexec syscall blacklist - Fixes CVE-2016-7032, CVE-2016-7076 Resolves: rhbz1391937 - RHEL-6.8 erratum - fixed a bug causing that non-root users can list privileges of other users Resolves:...

CVSS 7.8 | AI score 7 | EPSS 0.00497
Exploits 0 | References 4