https://bugzilla.suse.com/show_bug.cgi?id=1181657 https://bugzilla.suse.com/show_bug.cgi?id=1181657#c1 Alexandros Toptsoglou changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Incidents |Security Version|unspecified |Current Product|SUSE Security Incidents |openSUSE Tumbleweed Target Milestone|--- |Current QA Contact|security-team@suse.de |qa-bugs@suse.de --- Comment #1 from Alexandros Toptsoglou --- Patch at [1]. As far as I understand this issue facilitates the exploit of Baron Samedit (aka CVE-2021-3156) in sudo versions 1.9.4 and on. First all of our versions are patched against Baron Samedit and also only Factory ships a version larger than 1.9.4. While the issue itself is not known to be explotable, tt might a good idea to patch our sudo in Factory till the next version upgrade. [1] https://www.sudo.ws/repos/sudo/rev/e0d4f196ba02 -- You are receiving this mail because: You are on the CC list for the bug.