SUSE-SU-2020:0408-1

Details

Description of the patch:

This update for sudo fixes the following issues:

Security issue fixed:

CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202).

Non-security issue fixed:

Fixed an issue where sudo -l would ask for a password even though listpw was set to never (bsc#1162675).

Affected Packages

sudo

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Server 15-LTSS

Fixed in:

1.8.22-4.9.1

sudo-devel

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Server 15-LTSS

Fixed in:

1.8.22-4.9.1

References

ADVISORY

https://bugzilla.suse.com/1162202

ADVISORY

https://bugzilla.suse.com/1162675

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2020-February/006494.html

ADVISORY

https://www.suse.com/security/cve/CVE-2019-18634/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20200408-1/