- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3968-1
May 06, 2019
sudo vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Sudo.
Software Description:
– sudo: Provide limited super user privileges to specific users
Details:
Florian Weimer discovered that Sudo incorrectly handled the noexec
restriction when used with certain applications. A local attacker could
possibly use this issue to bypass configured restrictions and execute
arbitrary commands. (CVE-2016-7076)
It was discovered that Sudo did not properly parse the contents of
/proc/[pid]/stat when attempting to determine its controlling tty. A local
attacker in some configurations could possibly use this to overwrite any
file on the filesystem, bypassing intended permissions. (CVE-2017-1000368)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
sudo 1.8.16-0ubuntu1.6
sudo-ldap 1.8.16-0ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3968-1
CVE-2016-7076, CVE-2017-1000368
Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.6
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzQgZ0ACgkQZWnYVadE
vpNzYA//dCrwKRiD4lNuB3F6k+hGUGzYQnQPAOJ8GFes/MPCGBtDJXsT0/SoLqW9
6EYGfWbC8WTxF4Ur0EzalxoXM1+6tOU30GhQUTtQo/+kPj8LP17TrxQp8mbD2qlp
gVGfUknuobEDM0mxJgzAFWhfR3VYJTuviDTBtpOFUoRzOfdvHcIyaP8/kgitpazt
+gXHLuDmuP5nKQ6XwCpeex0hMao96kxXjA/a6OhcpAYtRC7dbyGZHN+RRAFzaE/C
bLh8gqQn0nUoUY6u/HNEZJS0vUD8Kp6btXPtxcVgf2kZaHu+1pbvEN0tP+R49W9Y
/zvC6zZ5PEwj8eBHf2FoUP2AGycVcFHf9vyAPO/CpyDZ0ltSQ/bsmRYoM6MJ8t3v
/WaNz1rejhyhMxtNTHG7Tn9Kc97OIOH6BtVuqdeRHIIlFUaeBQDFn2egr7SsmcO/
VNlldSXSNu5FXlsRlbRGghNwX7PbkdLupS106fIb9hwoJgWY9ci/e8ix73jBDpfu
yaXVIcoy5NEpk38lGSlzpvdKqaQLxXGp/tX+lnr4ZuD2OliyzJm902oTsppxmyQZ
4QENn+Kl6es0bvTh4W44TPMHq5qen7U61QUY/W1wc029UYNh7Ga42iIWmYA7R0sn
I7zatPbCrLn+k2cpDVwZ/0MIj4FraRMBps3SrI0muv3ttl7MmC4=
=4ZZZ
—–END PGP SIGNATURE—–
—
| Autor | Toni Vugdelija |
| Cert id | NCERT-REF-2019-05-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
