Univention Bugzilla – Bug 50367
sudo: Multiple issues (4.4)
Last modified: 2019-10-16 14:11:14 CEST
New Debian sudo 1.8.19p1-2.1+deb9u1 fixes: This update addresses the following issue: * Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/sudo_1.8.19p1-2.1.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/sudo_1.8.19p1-2.1+deb9u1.dsc @@ -1,3 +1,9 @@ +1.8.19p1-2.1+deb9u1 [Sat, 12 Oct 2019 16:20:21 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287) + * Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh + 1.8.19p1-2.1 [Mon, 05 Jun 2017 14:22:55 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.4-2/#3251476448747070014>
Piuparts test run: Ok Advisory: Ok
<http://errata.software-univention.de/ucs/4.4/305.html>