| Revision Date: | 2021-01-26 | Version: | 1 |
| Title: | Security update for sudo (Important) |
| Description: |
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1180684
1180685
1180687
1181090
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
SUSE-SU-2021:0227-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information
sudo-1.8.22-4.15.1 is installed
OR sudo-devel-1.8.22-4.15.1 is installed
|