Oval Definition:	oval:org.opensuse.security:def:69502
Revision Date: 2021-01-26 Version: 1 Title: Security update for sudo (Important) Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Family: unix Class: patch Status: Reference(s): 1051510 1071995 1094555 1111666 1112374 1114279 1128432 1134730 1134738 1135153 1135296 1135642 1136156 1136157 1136271 1136333 1137103 1137194 1137366 1137884 1137985 1138263 1138336 1138374 1138375 1138589 1138681 1138719 1138732 1140750 1180684 1180685 1180687 1181090 CVE-2018-16871 CVE-2019-12614 CVE-2019-12817 CVE-2019-13314 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 SUSE-SU-2019:1744-1 SUSE-SU-2020:3045-1 SUSE-SU-2021:0227-1 Platform(s): SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Workstation Extension 15 SP1 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information python3-virt-bootstrap-1.0.0-5.3 is installed OR virt-bootstrap-1.0.0-5.3 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information sudo-1.8.22-4.15.1 is installed OR sudo-devel-1.8.22-4.15.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.7 is installed OR kernel-default-extra-4.12.14-197.7 is installed
BACK