You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa sudo

Sigurnosni nedostatak programskog paketa sudo

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4154-1
October 14, 2019

sudo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Sudo could be made to run commands as root if it called with
a specially crafted user ID.

Software Description:
– sudo: Provide limited super user privileges to specific users

Details:

Joe Vennix discovered that Sudo incorrectly handled
certain user IDs. An attacker could potentially exploit this
to execute arbitrary commands as the root user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
sudo 1.8.27-1ubuntu1.1
sudo-ldap 1.8.27-1ubuntu1.1

Ubuntu 18.04 LTS:
sudo 1.8.21p2-3ubuntu1.1
sudo-ldap 1.8.21p2-3ubuntu1.1

Ubuntu 16.04 LTS:
sudo 1.8.16-0ubuntu1.8
sudo-ldap 1.8.16-0ubuntu1.8

Ubuntu 14.04 ESM:
sudo 1.8.9p5-1ubuntu1.5+esm2
sudo-ldap 1.8.9p5-1ubuntu1.5+esm2

Ubuntu 12.04 ESM:
sudo 1.8.3p1-1ubuntu3.8
sudo-ldap 1.8.3p1-1ubuntu3.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4154-1
CVE-2019-14287

Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.8.27-1ubuntu1.1
https://launchpad.net/ubuntu/+source/sudo/1.8.21p2-3ubuntu1.1
https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.8
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdpJwlAAoJEEW851uECx9pXWEQALqlPsOLlkwphHzqX7g7mEz1
nUe0NfrHua91HyYNN1zk2+0Se7m6sxuz9u3FoG+7jZ+feQ15Ibqv2HsHC+okqivz
Y1+aSk8S9Niq538jjFlKpcdgGQVRvC7FBO0IYEmMIQAboPFovyGSa3dh5I/Rb7+B
4qga4+CFA/aebzbHfbFYRPOcd5qcXOQLcOpzxgoszHDbq/1UzdRbO//8fR3virhM
YevXvGj57YtlIZm5qLRP0oErLE/Dx3v1zrI6c9+O1A1AddnTd6B55TkD3GLAimCl
Fcy6E3YvWiiYa1dDQBD+J2Q6QbQfh+GEtyfUPOh0lzeweLi/FUNaGeniAz+q2glL
VE1L3ZQP2Oa6QN58cxp6F51nmkaxDbpX7XYo11eYJfpRwRAWpAK3md+UCkf8dCoA
z5KA4yTxLnCkSE2Y1uZ7ygE4gL0AIMPISgtCTOXy/ypZKBhCK6VY4hF8Z2GzoQQH
+gYiasatNJnUgUQrHCxkYnPZcQaZV1+yf+wrP7+nrA/XF8hZzbcNXLUo4pjXEn5H
M8HxMIdnOWUpqgqZS7qX6CngugpDad+C6h07yjjt8zSCy2quyxVRIeecRxZR9VSq
AbMmS18Fl62+4k3cLd9tG5zSqusm3PJkrOJPpO53Ejc2gfTJLpW9yJE4sLP7Tzqt
kLrLjV8VT2I2PeuAd/q5
=RwoP
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa chromium

Otkriveni su sigurnosni nedostaci u programskom paketu chromium za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close