Overview

File _patchinfo of Package patchinfo.4933

<patchinfo incident="4933">
  <issue id="1042146" tracker="bnc">VUL-0: CVE-2017-1000368: sudo: path traversal race conditions, follow up problem</issue>
  <issue id="1034560" tracker="bnc">sudo-1.8.10p3-1.62.x86_64.rpm sudo_dso_find_sym library incorrectly linked.</issue>
  <issue id="2017-1000368" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>simotek</packager>
  <description>This update for sudo fixes the following issues:

- CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a
  newline, which could be used to trick sudo to read/write to an
  arbitrary open terminal.  (bsc#1042146)

Also the following non security bug was fixed:

- Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560)

</description>
  <summary>Security update for sudo</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places