SUSE-SU-2014:0475-1: important: Security update for sudo

sle-updates at lists.suse.com
Thu Apr 3 12:04:10 MDT 2014


   SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0475-1
Rating:             important
References:         #863025 #866503 #868444 
Cross-References:   CVE-2014-0106
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available.

Description:


   This collective update for sudo provides fixes for the
   following issues:

   * Security policy bypass when env_reset is disabled.
   (CVE-2014-0106, bnc#866503)
   * Regression in the previous update that causes a
   segmentation fault when running "sudo -s". (bnc#868444)
   * Command "who -m" prints no output when using
   log_input/log_output sudo options. (bnc#863025)
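
   The first item applies only where sudoers turns env_reset off. As an
   added example (not part of the SUSE advisory or the sudo project), this
   shell function lists the Defaults entries that do so; the function names
   and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudoers Defaults entries that disable env_reset,
# the precondition named for CVE-2014-0106 in this advisory.

# sample_policy: constructed sudoers text used for the demo (not a real host).
sample_policy() {
cat <<'EOF'
# constructed sample policy
Defaults env_reset
Defaults:backup !env_reset
Defaults>root always_set_home, \
    !env_reset
# Defaults !env_reset   (commented out, must not be reported)
Defaults!/usr/bin/rsync env_keep += "RSYNC_RSH"
EOF
}

# find_env_reset_off FILE...
# Prints "file:line: entry" for every Defaults entry containing !env_reset.
# Returns 0 if at least one entry was found, 1 if none.
find_env_reset_off() {
    awk '
        FNR == 1 { cont = 0 }                  # new file: drop any pending join
        {
            if (!cont) { start = FNR; buf = "" }
            line = $0
            cont = (line ~ /\\$/)              # trailing backslash continues the entry
            if (cont) { sub(/\\$/, "", line); buf = buf line; next }
            entry = buf line
            sub(/^[ \t]+/, "", entry)
            if (entry ~ /^#/) next             # comment (and #include) lines
            if (entry !~ /^Defaults/) next     # only Defaults entries set flags
            # "!" directly after "Defaults" is a command scope, not a negation,
            # so require whitespace, a comma or start of text before the "!".
            if (entry ~ /(^|[ \t,])![ \t]*env_reset([ \t,]|$)/) {
                printf "%s:%d: %s\n", FILENAME, start, entry
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# Demo on the constructed sample; on a real host pass the sudoers files instead.
demo_file=$(mktemp)
sample_policy > "$demo_file"
find_env_reset_off "$demo_file" || echo "no Defaults entry disables env_reset"
rm -f "$demo_file"
```

   On a host, run it as root against /etc/sudoers and any files under
   /etc/sudoers.d. Text after a "#" later in a line is not stripped, so a
   match inside a trailing comment is reported and needs a manual look.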

   Security Issues references:

   * CVE-2014-0106
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-sudo-9044

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-sudo-9044

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-sudo-9044

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      sudo-1.7.6p2-0.21.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      sudo-1.7.6p2-0.21.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      sudo-1.7.6p2-0.21.1


References:

   http://support.novell.com/security/cve/CVE-2014-0106.html
   https://bugzilla.novell.com/863025
   https://bugzilla.novell.com/866503
   https://bugzilla.novell.com/868444
   http://download.suse.com/patch/finder/?keywords=7394054678cda176999ab258b218cb1d


