[security-announce] SUSE-SU-2014:0475-1: important: Security update for sudo
SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0475-1 Rating: important References: #863025 #866503 #868444 Cross-References: CVE-2014-0106 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This collective update for sudo provides fixes for the following issues: * Security policy bypass when env_reset is disabled. (CVE-2014-0106, bnc#866503) * Regression in the previous update that causes a segmentation fault when running "sudo -s". (bnc#868444) * Command "who -m" prints no output when using log_input/log_output sudo options. (bnc#863025) Security Issues references: * CVE-2014-0106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-sudo-9044 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-sudo-9044 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-sudo-9044 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): sudo-1.7.6p2-0.21.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): sudo-1.7.6p2-0.21.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): sudo-1.7.6p2-0.21.1 References: http://support.novell.com/security/cve/CVE-2014-0106.html https://bugzilla.novell.com/863025 https://bugzilla.novell.com/866503 https://bugzilla.novell.com/868444 http://download.suse.com/patch/finder/?keywords=7394054678cda176999ab258b218... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
participants (1)
-
opensuse-security@opensuse.org