Oval Definition:oval:org.opensuse.security:def:69691
Revision Date:2021-01-26Version:1
Title:Security update for sudo (Important)
Description:

This update for sudo fixes the following issues:

- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
Family:unixClass:patch
Status:Reference(s):1158809
1180684
1180685
1180687
1181090
CVE-2017-16611
CVE-2019-1551
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
SUSE-SU-2020:0064-1
SUSE-SU-2021:0227-1
Platform(s):SUSE Enterprise Storage 6
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
Product(s):
Definition Synopsis
  • SUSE Enterprise Storage 6 is installed
  • AND Package Information
  • libopenssl1_0_0-1.0.2p-3.25 is installed
  • OR openssl-1_0_0-1.0.2p-3.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libXfont2-2-2.0.3-1 is installed
  • OR libXfont2-devel-2.0.3-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND Package Information
  • sudo-1.8.22-4.15.1 is installed
  • OR sudo-devel-1.8.22-4.15.1 is installed
    • BACK