pool/sudo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 867170 from home:simotek:branches:Base:System

Browse Source 
Add some bugzilla references used in SLE and Leap to make some bots happy

OBS-URL: https://build.opensuse.org/request/show/867170
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=194
This commit is contained in:
Kristyna Streitova 2021-01-27 12:10:14 +00:00 committed by Git OBS Bridge
parent 706ef1b183
commit f367b20479
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sudo.changes
View File

@ -1,5 +1,5 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 27 00:25:10 UTC 2021 - Simon Lees <simonf.lees@suse.com> Wed Jan 27 00:25:10 UTC 2021 - Simon Lees <sflees@suse.de>
- Update to 1.9.5.p2 - Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line * When invoked as sudoedit, the same set of command line
@ -51,7 +51,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
warning, help and usage messages as well as the matching of Debug warning, help and usage messages as well as the matching of Debug
lines in the /etc/sudo.conf file. Previously, it was possible lines in the /etc/sudo.conf file. Previously, it was possible
for the invoking user to manipulate the program name by setting for the invoking user to manipulate the program name by setting
argv[0] to an arbitrary value when executing sudo. argv[0] to an arbitrary value when executing sudo. (bsc#1180687)
* Sudo now checks for failure when setting the close-on-exec flag * Sudo now checks for failure when setting the close-on-exec flag
on open file descriptors. This should never fail but, if it on open file descriptors. This should never fail but, if it
were to, there is the possibility of a file descriptor leak to were to, there is the possibility of a file descriptor leak to
@ -68,7 +68,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
link does not exist, an error message will be displayed. The link does not exist, an error message will be displayed. The
race condition can be used to test for the existence of an race condition can be used to test for the existence of an
arbitrary directory. However, it _cannot_ be used to write to arbitrary directory. However, it _cannot_ be used to write to
an arbitrary location. an arbitrary location. (bsc#1180684)
* Fixed CVE-2021-23240, a flaw in the temporary file handling of * Fixed CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is sudoedit's SELinux RBAC support. On systems where SELinux is
enabled, a user with sudoedit permissions may be able to set the enabled, a user with sudoedit permissions may be able to set the
@ -76,7 +76,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
On Linux kernels that support "protected symlinks", setting On Linux kernels that support "protected symlinks", setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from /proc/sys/fs/protected_symlinks to 1 will prevent the bug from
being exploited. For more information see being exploited. For more information see
https://www.sudo.ws/alerts/sudoedit_selinux.html. https://www.sudo.ws/alerts/sudoedit_selinux.html. (bsc#1180685)
* Added writability checks for sudoedit when SELinux RBAC is in use. * Added writability checks for sudoedit when SELinux RBAC is in use.
This makes sudoedit behavior consistent regardless of whether This makes sudoedit behavior consistent regardless of whether
or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"