]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a9d3cae) | patch
sudo: fix CVE-2019-14287
authorChangqing Li <changqing.li@windriver.com>
Tue, 22 Oct 2019 02:47:11 +0000 (10:47 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 29 Oct 2019 08:20:37 +0000 (08:20 +0000)
commitb7b6d39565f8fad61f2347a3fe31c9ee77a4da15
treee255a785fd7f95e4cf704a417e7ec8124c23db89tree | snapshot
parenta9d3cae5668fbcae7145b8cdba786caa30b5b3d3commit | diff
sudo: fix CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch [new file with mode: 0644] blob
meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch [new file with mode: 0644] blob
meta/recipes-extended/sudo/sudo_1.8.27.bb diff | blob | history
Mirror of the official openembedded-core repository