#17270 closed enhancement (fixed)
sudo-1.9.12p1
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New patch version.
Change History (5)
comment:1 by , 2 years ago
| Priority: | normal → elevated |
|---|
comment:2 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 2 years ago
What's new in Sudo 1.9.12p1
- Sudo's configure script now does a better job of detecting when the -fstack-clash-protection compiler option does not work.
- Fixed CVE-2022-43995, a potential out-of-bounds write for passwords smaller than 8 characters when passwd authentication is enabled. This does not affect configurations that use other authentication methods such as PAM, AIX authentication or BSD authentication.
- Fixed a build error with some configurations compiling host_port.c.
comment:4 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commits
bfe8137437 Update to llvm-15.0.4. c9d81f35c9 Update to wayland-protocols-1.28. 5e42468556 Update to sudo-1.9.12p1.
Note:
See TracTickets
for help on using tickets.
Just doing some quick update triaging, it looks like this has a vulnerability fix for CVE-2022-43995, an out-of-bounds write when using passwords less than 8 characters long, when using passwd authentication (so not PAM or anything like that, just our standard default configuration)