Lucene search

Slackware Linux ProjectSSA-2019-287-01

HistoryOct 14, 2019 - 10:07 p.m.

[slackware-security] sudo

2019-10-1422:07:11

Slackware Linux Project

www.slackware.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.308 Low

EPSS

Percentile

96.9%

JSON

New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/sudo-1.8.28-i586-1_slack14.2.txz: Upgraded.
Fixed a bug where an sudo user may be able to run a command as root when
the Runas specification explicitly disallows root access as long as the
ALL keyword is listed first.
For more information, see:
https://vulners.com/cve/CVE-2019-14287
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.28-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.28-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.28-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.28-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.8.28-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.8.28-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.28-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.28-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
e6196d98b89b7e15052d699d83ea9f6f sudo-1.8.28-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
01d630eed34002c370e4c54be75c6d24 sudo-1.8.28-x86_64-1_slack14.0.txz

Slackware 14.1 package:
6a0466b6a04908769fea429d5f85ea02 sudo-1.8.28-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
c62d56ddd0e361a941840aee8027c8e3 sudo-1.8.28-x86_64-1_slack14.1.txz

Slackware 14.2 package:
9cc394ca773bdd0be365613fbaf58c9d sudo-1.8.28-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
b361248b384f256af1898de16341e565 sudo-1.8.28-x86_64-1_slack14.2.txz

Slackware -current package:
6e9d61e37a67c9920487934d73d6b67b ap/sudo-1.8.28-i586-1.txz

Slackware x86_64 -current package:
065490e75498b63a8e45b92ba584be18 ap/sudo-1.8.28-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg sudo-1.8.28-i586-1_slack14.2.txz

OSVersionArchitecturePackageVersionFilename
Slackware14.0i486sudo< 1.8.28sudo-1.8.28-i486-1_slack14.0.txz
Slackware14.0x86_64sudo< 1.8.28sudo-1.8.28-x86_64-1_slack14.0.txz
Slackware14.1i486sudo< 1.8.28sudo-1.8.28-i486-1_slack14.1.txz
Slackware14.1x86_64sudo< 1.8.28sudo-1.8.28-x86_64-1_slack14.1.txz
Slackware14.2i586sudo< 1.8.28sudo-1.8.28-i586-1_slack14.2.txz
Slackware14.2x86_64sudo< 1.8.28sudo-1.8.28-x86_64-1_slack14.2.txz
Slackwarecurrenti586sudo< 1.8.28sudo-1.8.28-i586-1.txz
Slackwarecurrentx86_64sudo< 1.8.28sudo-1.8.28-x86_64-1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	14.0	i486	sudo	< 1.8.28	sudo-1.8.28-i486-1_slack14.0.txz
Slackware	14.0	x86_64	sudo	< 1.8.28	sudo-1.8.28-x86_64-1_slack14.0.txz
Slackware	14.1	i486	sudo	< 1.8.28	sudo-1.8.28-i486-1_slack14.1.txz
Slackware	14.1	x86_64	sudo	< 1.8.28	sudo-1.8.28-x86_64-1_slack14.1.txz
Slackware	14.2	i586	sudo	< 1.8.28	sudo-1.8.28-i586-1_slack14.2.txz
Slackware	14.2	x86_64	sudo	< 1.8.28	sudo-1.8.28-x86_64-1_slack14.2.txz
Slackware	current	i586	sudo	< 1.8.28	sudo-1.8.28-i586-1.txz
Slackware	current	x86_64	sudo	< 1.8.28	sudo-1.8.28-x86_64-1.txz