File _patchinfo of Package patchinfo.5652

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.5652

<patchinfo incident="5652">
  <issue tracker="bnc" id="1153674">VUL-0: CVE-2019-14287: EMBARGOED: sudo: -1 uid issue</issue>
  <issue id="1053911" tracker="bnc">sudo insults enabled by default</issue>
  <issue id="1058297" tracker="bnc">L3-Question: can't enable compression with sudo-io logging</issue>
  <issue id="1068003" tracker="bnc">sudo slow trying to resolve all supplementary groups</issue>
  <issue tracker="cve" id="2019-14287"/>
  <category>security</category>
  <rating>important</rating>
  <packager>kstreitova</packager>
  <description>This update for sudo provides the following fix:

Security issue fixed:

- CVE-2019-14287: Fixed an issue where a user with sudo privileges 
  that allowed them to run commands with an arbitrary uid, could 
  run commands as root, despite being forbidden to do so in sudoers
  (bsc#1153674).

Other issues fixed:

- Cache resolved group names as calling getgrgid() is expensive and 
  on systems connected to AD with many users, groups or sudo rules 
  it causes sudo to take a long time to run (bsc#1068003).
- Disable insults by default at build time. For new installations this 
  was done via sudoers file, but when upgrading from previous versions 
  it would accidentally be enabled (bsc#1053911).
- Enable support for zlib compressed I/O logs (bsc#1058297).
</description>
  <summary>Security update for sudo</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.5652

Places