Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for sudo

This update for sudo fixes the following security issues:

- Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality:
* noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]
* noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]
- Fix unsafe handling of TZ environment variable. [CVE-2014-9680, bsc#917806]

Additionally, these non-security fixes are included in the update:

- Fix "ignoring time stamp from the future" message after each boot with !tty_tickets. [bsc#899252]
- Enable support for SASL-based authentication. [bsc#979531]

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#917806
VUL-1: sudo: CVE-2014-9680 sudo: unsafe handling of TZ environment variable
bnc#1007766
VUL-0: CVE-2016-7032: sudo: noexec bypass via system() and popen()
bnc#1007501
VUL-0: CVE-2016-7076: sudo: noexec bypass via wordexp()
bnc#899252
sudo: "ignoring time stamp from the future" message after each boot with !tty_tickets
bnc#979531
sudo: use_sasl does not work
CVE-2014-9680
CVE-2016-7032
CVE-2016-7076
Selected Binaries
openSUSE Build Service is sponsored by
Places