advisories/31089.adv

type: security
subject: Updated sudo packages fix security vulnerability
CVE:
 - CVE-2022-43995
src:
  8:
   core:
     - sudo-1.9.5p2-2.1.mga8
description: |
  Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a
  plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in
  a heap-based buffer over-read. This can be triggered by arbitrary local
  users with access to Sudo by entering a password of seven characters or
  fewer. The impact could vary depending on the system libraries, compiler,
  and processor architecture. (CVE-2022-43995)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=31089
 - https://lists.suse.com/pipermail/sle-security-updates/2022-November/012820.html
 - https://www.sudo.ws/releases/stable/#1.9.12p1
ID: MGASA-2022-0426
1	type: security
2	subject: Updated sudo packages fix security vulnerability
3	CVE:
4	- CVE-2022-43995
5	src:
6	8:
7	core:
8	- sudo-1.9.5p2-2.1.mga8
9	description: \|
10	Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a
11	plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in
12	a heap-based buffer over-read. This can be triggered by arbitrary local
13	users with access to Sudo by entering a password of seven characters or
14	fewer. The impact could vary depending on the system libraries, compiler,
15	and processor architecture. (CVE-2022-43995)
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=31089
18	- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012820.html
19	- https://www.sudo.ws/releases/stable/#1.9.12p1
20	ID: MGASA-2022-0426