Changqing Li
645d114f72
sudo: fix CVE-2019-14287
...
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
(From OE-Core rev: b7b6d39565f8fad61f2347a3fe31c9ee77a4da15)
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808@gmail.com >
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
2019-10-29 09:08:18 +00:00
..
2019-09-19 10:54:32 +01:00
2019-04-05 17:32:50 +01:00
2019-08-21 21:52:59 +01:00
2019-06-24 10:36:28 +01:00
2019-07-02 08:13:07 +01:00
2019-03-29 08:28:53 +00:00
2019-08-07 16:08:15 +01:00
2019-05-27 17:06:34 +01:00
2019-05-08 12:15:17 +01:00
2016-09-24 07:30:10 +01:00
2019-04-12 14:05:38 +01:00
2019-09-07 07:47:24 +01:00
2015-10-01 07:43:34 +01:00
2019-09-07 13:08:34 +01:00
2019-07-18 12:16:19 +01:00
2019-10-08 11:22:24 +01:00
2019-02-28 13:21:54 +00:00
2017-09-11 17:30:30 +01:00
2019-06-28 13:28:37 +01:00
2019-10-08 11:22:24 +01:00
2017-11-30 10:49:22 +00:00
2017-12-10 22:45:19 +00:00
2019-02-19 16:14:57 +00:00
2019-08-06 11:24:27 +01:00
2019-09-06 14:58:09 +01:00
2019-02-19 16:14:57 +00:00
2019-08-29 14:05:12 +01:00
2019-09-16 23:02:44 +01:00
2019-09-07 07:47:24 +01:00
2019-06-19 12:46:43 +01:00
2018-11-14 11:14:39 +00:00
2019-08-28 11:31:21 +01:00
2019-07-26 08:41:38 +01:00
2017-12-02 11:25:32 +00:00
2018-05-09 10:47:51 +01:00
2019-08-22 22:48:26 +01:00
2019-02-20 11:30:35 +00:00
2019-09-01 22:33:08 +01:00
2019-04-12 14:05:37 +01:00
2019-09-30 16:55:21 +01:00
2019-09-06 08:15:45 +01:00
2019-09-01 22:33:07 +01:00
2018-10-10 17:59:09 +01:00
2019-10-02 10:09:47 +01:00
2019-02-19 16:14:57 +00:00
2019-09-07 07:47:24 +01:00
2019-05-12 17:55:11 +01:00
2019-06-27 12:20:36 +01:00
2019-09-07 07:47:24 +01:00
2018-08-24 07:53:14 +01:00
2018-07-06 22:59:33 +01:00
2019-07-26 08:41:38 +01:00
2019-09-27 13:02:16 +01:00
2019-08-13 09:37:37 +01:00
2019-08-29 14:05:12 +01:00
2019-06-04 23:09:25 +01:00
2019-06-21 00:33:23 +01:00
2018-05-15 10:56:49 +01:00
2019-06-19 12:46:43 +01:00
2019-06-30 23:33:45 +01:00
2019-05-12 09:04:26 +01:00
2019-07-03 17:00:57 +01:00
2019-04-23 23:30:19 +01:00
2018-11-14 11:14:40 +00:00
2018-05-29 21:07:17 +01:00
2019-09-16 23:02:43 +01:00
2019-06-07 09:11:49 +01:00
2019-10-02 10:09:47 +01:00
2019-06-07 09:11:49 +01:00
2019-08-21 15:29:01 +01:00
2019-10-29 09:08:18 +00:00
2019-06-27 12:20:36 +01:00
2019-10-29 09:08:17 +00:00
2019-05-27 17:06:34 +01:00
2019-08-03 23:56:01 +01:00
2017-06-23 11:44:14 +01:00
2019-09-07 07:47:24 +01:00
2019-05-27 17:06:34 +01:00
2018-05-04 13:28:05 +01:00
2019-09-19 20:30:35 +01:00
2019-09-30 16:55:21 +01:00
2019-10-08 11:22:24 +01:00
2019-04-26 10:09:08 +01:00
2017-03-17 16:53:04 +00:00
2018-06-18 11:07:57 +01:00
2018-06-15 17:56:24 +01:00
2018-07-24 11:52:26 +01:00
2019-06-04 09:09:42 +01:00