Opened 7 years ago
Closed 7 years ago
#9293 closed enhancement (fixed)
sudo-1.8.20p1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New patch version.
Change History (4)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
| Priority: | normal → high |
|---|
comment:3 by , 7 years ago
What's new in Sudo 1.8.20p1
- Fixed "make check" when using OpenSSL or GNU crypt. Bug #787.
- Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux when the process name contains spaces. Since the user has control over the command name, this could potentially be used by a user with sudo access to overwrite an arbitrary file on systems with SELinux enabled. Also stop performing a breadth-first traversal of /dev when looking for the device; only a hard-coded list of directories are checked,
Note:
See TracTickets
for help on using tickets.
This is a fix for a critical security vulnerability according to the US Department of Homeland Security.