Parent Directory | Revision Log
MGASA-2022-0426: sudo-1.9.5p2-2.1.mga8
1 | type: security |
2 | subject: Updated sudo packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2022-43995 |
5 | src: |
6 | 8: |
7 | core: |
8 | - sudo-1.9.5p2-2.1.mga8 |
9 | description: | |
10 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a |
11 | plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in |
12 | a heap-based buffer over-read. This can be triggered by arbitrary local |
13 | users with access to Sudo by entering a password of seven characters or |
14 | fewer. The impact could vary depending on the system libraries, compiler, |
15 | and processor architecture. (CVE-2022-43995) |
16 | references: |
17 | - https://bugs.mageia.org/show_bug.cgi?id=31089 |
18 | - https://lists.suse.com/pipermail/sle-security-updates/2022-November/012820.html |
19 | - https://www.sudo.ws/releases/stable/#1.9.12p1 |
20 | ID: MGASA-2022-0426 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |