| Summary: | sudo new security issue CVE-2019-14287 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | fri, nicolas.salguero, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | sudo-1.8.27-1.mga7.src.rpm | CVE: | CVE-2019-14287 |
| Status comment: | |||
|
Description
David Walser
2019-10-14 21:31:17 CEST
David Walser
2019-10-14 21:31:26 CEST
Whiteboard:
(none) =>
MGA7TOO 'sudo' has no registered maintainer, so assigning this globally. Assignee:
bugsquad =>
pkg-bugs Suggested advisory: ======================== The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. (CVE-2019-14287) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287 https://www.sudo.ws/alerts/minus_1_uid.html https://www.sudo.ws/stable.html#1.8.28 ======================== Updated packages in core/updates_testing: ======================== sudo-1.8.28-1.mga7 sudo-devel-1.8.28-1.mga7 from SRPMS: sudo-1.8.28-1.mga7.src.rpm Assignee:
pkg-bugs =>
qa-bugs Just testing it works on mga7 64bit: OK [morgan@svarten ~]$ LC_ALL=C sudo --version Sudo version 1.8.28 Sudoers policy plugin version 1.8.28 Sudoers file grammar version 46 Sudoers I/O plugin version 1.8.28 [morgan@svarten ~]$ sudo whoami [sudo] lösenord för morgan: root CC:
(none) =>
fri
Thomas Backlund
2019-10-16 23:48:21 CEST
CC:
(none) =>
tmb, sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0298.html Resolution:
(none) =>
FIXED |