| Revision Date: | 2021-01-26 | Version: | 1 |
| Title: | Security update for sudo (Important) |
| Description: |
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1169063
1171899
1173606
1180684
1180685
1180687
1181090
CVE-2012-2944
CVE-2020-11647
CVE-2020-13164
CVE-2020-15466
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
SUSE-SU-2020:2144-1
SUSE-SU-2021:0227-1
|
| Platform(s): | SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information
libwireshark13-3.2.5-3.38 is installed
OR libwiretap10-3.2.5-3.38 is installed
OR libwsutil11-3.2.5-3.38 is installed
OR wireshark-3.2.5-3.38 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
AND Package Information
nut-2.7.4-4 is installed
OR nut-devel-2.7.4-4 is installed
OR nut-drivers-net-2.7.4-4 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server for SAP Applications 15 is installed
AND Package Information
sudo-1.8.22-4.15.1 is installed
OR sudo-devel-1.8.22-4.15.1 is installed
|