#17529 closed enhancement (fixed)
sudo-1.9.12p2
| Reported by: | Bruce Dubbs | Owned by: | Tim Tassonis |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New patch version.
Change History (5)
comment:1 by , 17 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
- Fixed a compilation error on Linux/aarch64. GitHub issue #197.
- Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the iolog_file sudoers setting contains six or more Xs.
- Fixed a compilation issue on AIX with the native compiler. GitHub issue #231.
- Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. For more information, see Sudoedit can edit arbitrary files.
comment:2 by , 17 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixec in commit 5327b2af3c
comment:3 by , 17 months ago
| Priority: | normal → elevated |
|---|
I think we should issue a security advisory?
comment:4 by , 17 months ago
Yes, I guess so. Sorry, I have until now skipped/ignored the security advisory stuff due to sheer laziness, will look into that.
Note:
See TracTickets
for help on using tickets.
