File _patchinfo of Package patchinfo.5923

<patchinfo incident="5923">
  <packager>AndreasStieger</packager>
  <issue tracker="bnc" id="899252">sudo: "ignoring time stamp from the future" message after each boot with !tty_tickets</issue>
  <issue tracker="bnc" id="1007766">VUL-0: CVE-2016-7032: sudo: noexec bypass via system() and popen()</issue>
  <issue tracker="bnc" id="1007501">VUL-0: CVE-2016-7076: sudo: noexec bypass via wordexp()</issue>
  <issue tracker="bnc" id="979531">sudo: use_sasl does not work</issue>
  <issue tracker="cve" id="2014-9680"></issue>
  <issue tracker="cve" id="2016-7032"></issue>
  <issue tracker="cve" id="2016-7076"></issue>
  <issue tracker="fate" id="818850"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for sudo</summary>
  <description>This update for sudo fixes the following issues:

- fix two security vulnerabilities that allowed users to bypass
  sudo's NOEXEC functionality:
  * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]
  * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]

Sudo was updated to the package from SUSE:SLE-12-SP2:Update, incorporating
the following new feature:

- allow dynamic groups with sudo [fate#318850]

The following bug fixes are included:

- parse /proc/stat for boottime correctly [boo#899252]
- enable SASL authentication [boo#979531]
</description>
</patchinfo>