Bug 37853 – sudo: Missing environment sanitising (3.2)

Bug 37853 - sudo: Missing environment sanitising (3.2)


Summary:	sudo: Missing environment sanitising (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.2-5-errata
Assigned To:	Arvid Requate
QA Contact:	Janek Walkenhorst

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-02-19 16:12 CET by Arvid Requate
Modified:	2015-05-07 13:47 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-02-19 16:12:04 CET

+++ This bug was initially created as a clone of Bug #37852 +++

CVE-2014-9680: Arbitrary file access via user defined TZ environment variable

Comment 1 Janis Meybohm

2015-04-07 15:15:27 CEST

Ticket#2015040721000323
Customer (with ES) requested this fix.

Comment 2 Arvid Requate

2015-04-08 21:07:27 CEST

Upstream package version 1.7.4p4-2.squeeze.5 imported and built in errata3.2-5.

Also fixes CVE-2014-0106 (see Bug 34270)

Advisory: 2015-04-08-sudo.yaml

Comment 3 Janek Walkenhorst

2015-05-03 20:54:40 CEST

Changelog: OK
Tests: OK
Advisory: OK

Comment 4 Janek Walkenhorst

2015-05-07 13:47:14 CEST

<http://errata.univention.de/ucs/3.2/327.html>