===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0387
                           sudo security update
                              3 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           sudo
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-18634

Reference:         ESB-2020.0351

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2094

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : sudo
Version        : 1.8.10p3-1+deb8u7
CVE ID         : CVE-2019-18634

A stack-based buffer overflow vulnerability in sudo, a program designed
to provide limited super user privileges to specific users, triggerable
when configured with the pwfeedback option enabled. An unprivileged
user can take advantage of this flaw to obtain full root privileges.

For Debian 8 "Jessie", this problem has been fixed in version
1.8.10p3-1+deb8u7.

We recommend that you upgrade your sudo packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
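
A host-side check for the condition this advisory describes, as an added example that is not part of the Debian or AusCERT text: it lists active sudoers `Defaults` lines that enable `pwfeedback` and compares a sudo package version against the fixed version 1.8.10p3-1+deb8u7 using dpkg. The function names and the conservative rule that any enabling line counts are assumptions of this example, and the version threshold applies only to Debian 8 "Jessie".

```shell
#!/bin/sh
# Added example: audit a Debian 8 host against CVE-2019-18634 (DLA-2094).
# Usage (as root): audit_sudo "" /etc/sudoers /etc/sudoers.d/*
FIXED_VERSION='1.8.10p3-1+deb8u7'   # fixed version stated in the advisory

# Print every active Defaults line that enables pwfeedback in the given
# sudoers-format files; comment lines and "!pwfeedback" do not count.
# Conservative by design: any enabling line is reported. Exit 0 if one exists.
pwfeedback_lines() {
    awk '
        /^[ \t]*#/ { next }                  # comment or #include directive
        /^[ \t]*Defaults/ {
            line = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]*/, "", line)  # drop Defaults, Defaults:user, ...
            sub(/#.*/, "", line)                           # drop trailing comment
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", opts[i])
                if (opts[i] == "pwfeedback") { print FILENAME ": " $0; found = 1 }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$@"
}

# Succeed if the given sudo package version (default: the installed one) is at
# or above the fix, using dpkg's own version ordering.
sudo_is_fixed() {
    ver=${1:-$(dpkg-query -W -f='${Version}' sudo 2>/dev/null)}
    [ -n "$ver" ] && dpkg --compare-versions "$ver" ge "$FIXED_VERSION"
}

# Combine both checks into one verdict: audit_sudo VERSION FILE...
# An empty VERSION means "query the installed package".
audit_sudo() {
    ver=$1; shift
    if sudo_is_fixed "$ver"; then
        echo "fixed"
    elif pwfeedback_lines "$@" >/dev/null; then
        echo "EXPOSED: unfixed sudo with pwfeedback enabled"
    else
        echo "unfixed sudo, pwfeedback not enabled: upgrade"
    fi
}
```
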