Oval Definition:oval:org.opensuse.security:def:57476
Revision Date:2021-01-26Version:1
Title:Security update for sudo (Important)
Description:

This update for sudo fixes the following issues:

- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
Family:unixClass:patch
Status:Reference(s):1021616
1021627
1024232
1024244
1024992
1024993
1025505
1025507
1026723
1026725
1026922
1027108
1027376
1044947
1112209
1113534
1113652
1113742
1125330
1127987
1129180
1129821
1130262
1131863
1132728
1132729
1132732
1132734
1133191
1134156
1134718
1136446
1136935
1137597
1140359
1146882
1146884
1150003
1150250
1160968
1174157
1180684
1180685
1180687
1181090
891489
952099
957812
CVE-2008-3825
CVE-2009-1384
CVE-2012-4510
CVE-2013-0157
CVE-2014-3158
CVE-2014-9114
CVE-2015-3195
CVE-2015-5218
CVE-2016-10163
CVE-2016-10214
CVE-2016-5011
CVE-2017-5580
CVE-2017-5937
CVE-2017-5956
CVE-2017-5957
CVE-2017-5993
CVE-2017-5994
CVE-2017-6209
CVE-2017-6210
CVE-2017-6317
CVE-2017-6355
CVE-2017-6386
CVE-2017-7508
CVE-2017-7520
CVE-2017-7521
CVE-2018-0734
CVE-2018-18335
CVE-2018-18356
CVE-2018-18506
CVE-2018-5407
CVE-2019-10245
CVE-2019-11477
CVE-2019-11478
CVE-2019-11487
CVE-2019-12973
CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817
CVE-2019-1547
CVE-2019-1563
CVE-2019-2602
CVE-2019-2684
CVE-2019-2697
CVE-2019-2698
CVE-2019-3835
CVE-2019-3839
CVE-2019-3846
CVE-2019-5785
CVE-2019-9788
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9801
CVE-2019-9810
CVE-2019-9813
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-2583
CVE-2020-2590
CVE-2020-2593
CVE-2020-2601
CVE-2020-2604
CVE-2020-2654
CVE-2020-2659
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
SUSE-SU-2015:2251-1
SUSE-SU-2017:0798-1
SUSE-SU-2017:1635-1
SUSE-SU-2018:3866-1
SUSE-SU-2019:0852-1
SUSE-SU-2019:1345-1
SUSE-SU-2019:1671-1
SUSE-SU-2019:2397-1
SUSE-SU-2019:2478-1
SUSE-SU-2020:0261-1
SUSE-SU-2020:2861-1
SUSE-SU-2021:0226-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND chrony-3.2-lp150.5 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND transfig-3.2.6a-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND ppp-2.4.5.git-2.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • compat-openssl097g-0.9.7g-146.22.36 is installed
  • OR compat-openssl097g-32bit-0.9.7g-146.22.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • libopenssl1_0_0-1.0.1i-54.29 is installed
  • OR libopenssl1_0_0-32bit-1.0.1i-54.29 is installed
  • OR libopenssl1_0_0-hmac-1.0.1i-54.29 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.1i-54.29 is installed
  • OR openssl-1.0.1i-54.29 is installed
  • OR openssl-doc-1.0.1i-54.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • cups-pk-helper-0.2.5-3 is installed
  • OR cups-pk-helper-lang-0.2.5-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND clamav-0.100.2-33.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.46 is installed
  • OR openssl-1.0.2j-60.46 is installed
  • OR openssl-doc-1.0.2j-60.46 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • coreutils-8.25-12 is installed
  • OR coreutils-lang-8.25-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND sudo-1.8.20p2-3.20.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.14 is installed
  • OR libssh2-1-32bit-1.4.3-20.14 is installed
  • OR libssh2_org-1.4.3-20.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_107-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • curl-7.37.0-37.37 is installed
  • OR libcurl4-7.37.0-37.37 is installed
  • OR libcurl4-32bit-7.37.0-37.37 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND lftp-4.7.4-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ghostscript-9.27-23.28 is installed
  • OR ghostscript-x11-9.27-23.28 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • MozillaFirefox-60.9.0-109.86 is installed
  • OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6-6.14.3-11.15 is installed
    • BACK