Oval Definition:	oval:org.opensuse.security:def:73664
Revision Date: 2021-01-26 Version: 1 Title: Security update for sudo (Important) Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Family: unix Class: patch Status: Reference(s): 1092115 1180684 1180685 1180687 1181090 CVE-2017-16899 CVE-2018-16140 CVE-2018-9154 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 SUSE-SU-2020:1420-2 SUSE-SU-2021:0227-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed AND Package Information jasper-2.0.14-3.11 is installed OR libjasper-devel-2.0.14-3.11 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND transfig-3.2.6a-4.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information sudo-1.8.22-4.15.1 is installed OR sudo-devel-1.8.22-4.15.1 is installed
BACK