SUSE-SU-2022:4240-1

Details

Description of the patch:

This update for sudo fixes the following issues:

Security fixes:

CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

Other:

Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998).

Affected Packages

sudo

SUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE OpenStack Cloud 9SUSE OpenStack Cloud Crowbar 9

Fixed in:

1.8.20p2-3.33.1

References

ADVISORY

https://bugzilla.suse.com/1197998

ADVISORY

https://bugzilla.suse.com/1203201

ADVISORY

https://bugzilla.suse.com/1204986

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2022-November/013119.html

ADVISORY

https://www.suse.com/security/cve/CVE-2022-43995/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224240-1/