Overview

File _patchinfo of Package patchinfo.26509

<patchinfo incident="26509">
  <issue tracker="bnc" id="1190818">Unclear sudo 1.9.5p2 error message</issue>
  <issue tracker="bnc" id="1204986">VUL-0: CVE-2022-43995: sudo: heap out of bounds read when using the crypt() password backend</issue>
  <issue tracker="bnc" id="1203201">L3-Question: sudo block in ppoll syscall while child process already gone</issue>
  <issue tracker="cve" id="2022-43995"/>
  <packager>jsikes</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for sudo</summary>
  <description>This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986).

- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places