Security update for sudo, sudo-debuginfo, sudo-debugsource
SUSE Security Update: Security update for sudo, sudo-debuginfo, sudo-debugsource
This update fixes a security problem in sudo:
Multiple netmask values used in Host / Host_List
configuration caused any host to be allowed access.
(CVE-2012-2337)
Also a bug in wildcard matching could allow too relaxed
matches within subdirectories of the specified path so
/usr/bin/* would also match /usr/bin/X11/*, which is
probably not intended. The behaviour was aligned to the
one described in the sudoers manpage
Security Issues:
* CVE-2012-2337
http://support.novell.com/security/cve/CVE-2012-2337.html
https://bugzilla.novell.com/739214
https://bugzilla.novell.com/762327
http://download.suse.com/patch/finder/?keywords=763144fd2d9bb1af8ff74b0b10f47530
http://download.suse.com/patch/finder/?keywords=e959f17b0299505d2a589c60fbdc17b5
| Announcement ID: | SUSE-SU-2012:0641-1 |
| Rating: | moderate |
| References: | #739214 #762327 |
| Affected Products: |
An update that solves one vulnerability and has one errata is now available. It includes one version update.
Description:
This update fixes a security problem in sudo:
Multiple netmask values used in Host / Host_List
configuration caused any host to be allowed access.
(CVE-2012-2337)
Also a bug in wildcard matching could allow too relaxed
matches within subdirectories of the specified path so
/usr/bin/* would also match /usr/bin/X11/*, which is
probably not intended. The behaviour was aligned to the
one described in the sudoers manpage
Security Issues:
* CVE-2012-2337
Contraindications:
None
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-sudo-6306 - SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-sudo-6306 - SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-sudo-6306 - SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-sudo-6306 - SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-sudo-6306
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
- sudo-1.6.9p23-0.14.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.7.6p2]:
- sudo-1.7.6p2-0.2.8.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
- sudo-1.6.9p23-0.14.1
Run SAP
SUSE for Public Cloud
Security
