SUSE-SU-2022:4240-1

Details

This update for sudo fixes the following issues:

Security fixes:

CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

Other:

Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998).

Affected Packages

sudo

SUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE OpenStack Cloud 9SUSE OpenStack Cloud Crowbar 9

Fixed in:

1.8.20p2-3.33.1

References

REPORT

https://bugzilla.suse.com/1197998

REPORT

https://bugzilla.suse.com/1203201

REPORT

https://bugzilla.suse.com/1204986

WEB

https://www.suse.com/security/cve/CVE-2022-43995

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224240-1/