Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#17529 closed enhancement (fixed)

sudo-1.9.12p2

Reported by: Bruce Dubbs Owned by: Tim Tassonis
Priority: elevated Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New patch version.

Change History (5)

comment:1 by Tim Tassonis, 2 years ago

Owner: changed from blfs-book to Tim Tassonis
Status: newassigned
  • Fixed a compilation error on Linux/aarch64. GitHub issue #197.
  • Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l would dereference a NULL pointer.
  • Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the iolog_file sudoers setting contains six or more Xs.
  • Fixed a compilation issue on AIX with the native compiler. GitHub issue #231.
  • Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. For more information, see Sudoedit can edit arbitrary files.

comment:2 by Tim Tassonis, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixec in commit 5327b2af3c

comment:3 by Xi Ruoyao, 2 years ago

Priority: normalelevated

I think we should issue a security advisory?

comment:4 by Tim Tassonis, 2 years ago

Yes, I guess so. Sorry, I have until now skipped/ignored the security advisory stuff due to sheer laziness, will look into that.

comment:5 by Tim Tassonis, 2 years ago

Issued SA-11.2-074 for sudo

Note: See TracTickets for help on using tickets.