Advisories » MGASA-2017-0207

Updated sudo packages fix security vulnerability

Publication date: 13 Jul 2017
Modification date: 13 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-1000367

Description

A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to
execute commands via sudo could use this flaw to escalate their privileges
to root. (CVE-2017-1000367)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20996
• https://rhn.redhat.com/errata/RHSA-2017-1382.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367

SRPMS

5/core

• sudo-1.8.20p2-1.mga5