Security update for sudo, sudo-debuginfo, sudo-debugsource
Announcement ID: SUSE-SU-2012:0641-1
Rating: moderate
References: #739214 #762327
Affected Products:
An update that solves one vulnerability and has one errata is now available. It includes one version update.
Description:
This update fixes a security problem in sudo:
Using multiple netmask values in a Host / Host_List
configuration caused any host to be allowed access
(CVE-2012-2337).
Additionally, a bug in wildcard matching could allow overly
relaxed matches within subdirectories of the specified path, so
/usr/bin/* would also match /usr/bin/X11/*, which is
probably not intended. The behaviour was aligned with the
one described in the sudoers manpage.
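The two wildcard behaviours can be modelled with POSIX fnmatch(3) to see which commands a rule such as /usr/bin/* stops covering once a wildcard no longer matches '/'. This is an added example, not code from sudo or from this advisory: it assumes fnmatch() without flags as a stand-in for the relaxed matching and FNM_PATHNAME for the documented behaviour, and the sample paths are constructed.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Relaxed model (assumption): '*' may also match '/', so the pattern
 * reaches into subdirectories of the specified path. */
static int match_relaxed(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, 0) == 0;
}

/* Documented model (assumption): with FNM_PATHNAME a wildcard never
 * matches '/', so the pattern stays within one directory level. */
static int match_strict(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, FNM_PATHNAME) == 0;
}

/* Count the paths accepted by the relaxed model but rejected by the strict
 * one: the commands whose authorization changes with the stricter matching. */
static size_t count_newly_rejected(const char *pattern,
                                   const char *const *paths, size_t n,
                                   int verbose)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (match_relaxed(pattern, paths[i]) && !match_strict(pattern, paths[i])) {
            hits++;
            if (verbose)
                printf("no longer matched by %s: %s\n", pattern, paths[i]);
        }
    }
    return hits;
}

/* Constructed sample paths, not taken from any real system. */
static const char *const SAMPLE_PATHS[] = {
    "/usr/bin/id",
    "/usr/bin/X11/xterm",
    "/usr/bin/X11/bin/xclock",
    "/usr/sbin/useradd",
};
#define SAMPLE_COUNT (sizeof SAMPLE_PATHS / sizeof SAMPLE_PATHS[0])

int main(void)
{
    size_t n = count_newly_rejected("/usr/bin/*", SAMPLE_PATHS, SAMPLE_COUNT, 1);
    printf("%zu of %zu sample paths change status\n", n, (size_t)SAMPLE_COUNT);
    return 0;
}
```

Rules that relied on the relaxed matching need an explicit entry for the subdirectory (for example /usr/bin/X11/*) if that access is intended.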
Security Issues:
* CVE-2012-2337
Contraindications:
None
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-sudo-6306
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-sudo-6306
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-sudo-6306
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-sudo-6306
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-sudo-6306
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
- sudo-1.6.9p23-0.14.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
- sudo-1.6.9p23-0.14.1