SUSE-SU-2020:0408-1

Details

This update for sudo fixes the following issues:

Security issue fixed:

CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202).

Non-security issue fixed:

Fixed an issue where sudo -l would ask for a password even though listpw was set to never (bsc#1162675).

Affected Packages

sudo

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Server 15-LTSS

Fixed in:

1.8.22-4.9.1

sudo-devel

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Server 15-LTSS

Fixed in:

1.8.22-4.9.1

References

REPORT

https://bugzilla.suse.com/1162202

REPORT

https://bugzilla.suse.com/1162675

WEB

https://www.suse.com/security/cve/CVE-2019-18634

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20200408-1/