Security update for sudo (important)

2017-06-27T00:09:23
ID OPENSUSE-SU-2017:1697-1
Type suse
Reporter Suse
Modified 2017-06-27T00:09:23

Description

This update for sudo fixes the following security issue:

  • CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146)

Also the following non security bug was fixed:

  • Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560)

This update was imported from the SUSE:SLE-12-SP2:Update update project.