|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-7090: sudo: Improper handling of ipa_hostname leads to privilege mismanagement | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | andrea.mattiazzo, meissner |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/389279/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-7090:7.7:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2023-12-24 09:43:17 UTC
Refers to: GIT repo https://github.com/sudo-project/sudo commit e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c Author: Todd C. Miller <Todd.Miller@sudo.ws> Date: Thu Aug 15 14:20:12 2019 -0600 Fix special handling of ipa_hostname that was lost in sudo 1.8.24. We now include the long and short hostname in sudo parser container. affects SUSE:SLE-12-SP5:Update sudo SUSE:SLE-15:Update sudo others are newer or older than the affected version 1.8.24->1.8.27. This commit is already present in our codestreams as patch sudo-1.8.27-ipa_hostname.patch > https://build.suse.de/package/view_file/SUSE:SLE-12-SP5:Update/sudo/sudo-1.8.27-ipa_hostname.patch?expand=1 > https://build.suse.de/package/view_file/SUSE:SLE-15:Update/sudo/sudo-1.8.27-ipa_hostname.patch?expand=1 I suggest to close this bug as duplicate of bug 1181371 Or should I reference this bug and CVE number in changelog anyway? Assigning back to security team (see previous comment) All done, closing. *** This bug has been marked as a duplicate of bug 1181371 *** |