| What | Removed | Added |
|---|---|---|
| Component | Incidents | Security |
| Version | unspecified | Current |
| Product | SUSE Security Incidents | openSUSE Tumbleweed |
| Target Milestone | --- | Current |
| QA Contact | security-team@suse.de | qa-bugs@suse.de |
Patch at [1]. As far as I understand this issue facilitates the exploit of Baron Samedit (aka CVE-2021-3156) in sudo versions 1.9.4 and on. First all of our versions are patched against Baron Samedit and also only Factory ships a version larger than 1.9.4. While the issue itself is not known to be explotable, tt might a good idea to patch our sudo in Factory till the next version upgrade. [1] https://www.sudo.ws/repos/sudo/rev/e0d4f196ba02