Upstream has issued an advisory today (May 30):
http://openwall.com/lists/oss-security/2017/05/30/16
https://www.sudo.ws/stable.html#1.8.20p1
https://www.sudo.ws/alerts/linux_tty.html

Freeze push requested for Cauldron.

RedHat, Debian, Ubuntu, and openSUSE have issued advisories for this:
https://rhn.redhat.com/errata/RHSA-2017-1382.html
https://www.debian.org/security/2017/dsa-3867
https://www.ubuntu.com/usn/usn-3304-1/
https://lists.opensuse.org/opensuse-updates/2017-05/msg00106.html
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
*** Bug 21002 has been marked as a duplicate of this bug. ***
CC: (none) => zombie_ryushu
sudo 1.8.20p2 has been released, fixing a related issue:
https://www.sudo.ws/stable.html#1.8.20p2
http://openwall.com/lists/oss-security/2017/06/02/7

The second reference notes that this does actually fix a different security issue. We may see a CVE for this soon.
CVE-2017-1000368 assigned for the issue fixed in 1.8.20p2: http://openwall.com/lists/oss-security/2017/06/06/6
Summary: sudo new security issue CVE-2017-1000367 => sudo new security issue CVE-2017-1000367 and CVE-2017-1000368
(In reply to David Walser from comment #5)
> CVE-2017-1000368 assigned for the issue fixed in 1.8.20p2:
> http://openwall.com/lists/oss-security/2017/06/06/6

Fedora has issued an advisory for this today (June 8):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VJLV6RSLKYRCGP4NKXMY4RECDUABZI4X/
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=21077
RedHat advisory for the second CVE from June 22: https://rhn.redhat.com/errata/RHSA-2017-1574.html
Updated package uploaded for Mageia 5.

Advisory:
========================

Updated sudo packages fix security vulnerability:

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000367)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367
https://rhn.redhat.com/errata/RHSA-2017-1382.html
========================

Updated packages in core/updates_testing:
========================
sudo-1.8.20p2-1.mga5
sudo-devel-1.8.20p2-1.mga5

from sudo-1.8.20p2-1.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
No PoC that I could find. Just testing that sudo is working properly.

On m5 x86_64 I use it in a script that runs "sudo /usr/sbin/fetchnews -n".

On i586, added myself to the wheel group (logged out/in), modified /etc/sudoers to allow members of the wheel group to run all commands with a password ...

$ sudo /sbin/arping 192.168.10.11
For sudo, enter password for dave >
ARPING 192.168.10.11 from 192.168.10.117 enp0s3
Unicast reply from 192.168.10.11 [1C:AF:F7:D2:22:15] 0.860ms

Whiteboard: (none) => MGA5-64-OK advisory MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0207.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED