sudo **BUG** (Mother of All sudo BUGS) -- rebuild if you are using old release
All, A sudo bug allowing privilege escalation for ANY user was posted today: https://go.reg.cx/tdml/dfd67/60398b7f/fbd30834/3Yn1 (Thank you El Reg -- you should check the comments that have poured in on the github page for the commit link listed in the article -- it's bad) openSUSE has already patched for current releases. If you are using an older release that no longer gets updates (and have more than you using your box) -- rebuild from an srpm (the 15.1 package works fine for 15.0, just edit the .spec and update the version number (suggest checking the current version and adding +1 to the minor release no. so zypper remains happy) Then make sure you have rpmbuild installed and: rpmbuild -bb ~/rpmbuild/SPECS/sudo.spec (let it fail and just take note of the dependency packages you need to install -- install them) Then: rpmbuild -bb ~/rpmbuild/SPECS/sudo.spec (for real) Install the update. If I have time I'll do a buildservice package. -- David C. Rankin, J.D.,P.E.
Hi, Just to be clear (its in your middle of your article) sudo updates for SLE, openSUSE Leap 15.1 and 15.2 are already available. openSUSE Tumbleweed availability is being pushed by dimstar. Ciao, Marcus On Wed, Jan 27, 2021 at 04:02:17AM -0600, David C. Rankin wrote:
All,
A sudo bug allowing privilege escalation for ANY user was posted today:
https://go.reg.cx/tdml/dfd67/60398b7f/fbd30834/3Yn1
(Thank you El Reg -- you should check the comments that have poured in on the github page for the commit link listed in the article -- it's bad)
openSUSE has already patched for current releases. If you are using an older release that no longer gets updates (and have more than you using your box) -- rebuild from an srpm (the 15.1 package works fine for 15.0, just edit the .spec and update the version number (suggest checking the current version and adding +1 to the minor release no. so zypper remains happy) Then make sure you have rpmbuild installed and:
rpmbuild -bb ~/rpmbuild/SPECS/sudo.spec
(let it fail and just take note of the dependency packages you need to install -- install them)
Then:
rpmbuild -bb ~/rpmbuild/SPECS/sudo.spec
(for real)
Install the update.
If I have time I'll do a buildservice package.
participants (2)
-
David C. Rankin
-
Marcus Meissner