Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for sudo

This update for sudo fixes the following issues:

- fix two security vulnerabilities that allowed users to bypass
sudo's NOEXEC functionality:
* noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]
* noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]

Sudo was updated to the package from SUSE:SLE-12-SP2:Update, incorporating
the following new feature:

- allow dynamic groups with sudo [fate#318850]

The following bug fixes are included:

- parse /proc/stat for boottime correctly [boo#899252]
- enable SASL authentication [boo#979531]

Fixed bugs
bnc#899252
sudo: "ignoring time stamp from the future" message after each boot with !tty_tickets
bnc#1007766
VUL-0: CVE-2016-7032: sudo: noexec bypass via system() and popen()
bnc#1007501
VUL-0: CVE-2016-7076: sudo: noexec bypass via wordexp()
bnc#979531
sudo: use_sasl does not work
CVE-2014-9680
CVE-2016-7032
CVE-2016-7076
fate#818850
Selected Binaries
openSUSE Build Service is sponsored by
Places