SUSE-SU-2016:2891-1 -- SLES sudoID: oval:org.secpod.oval:def:89045125 | Date: (C)2021-08-03 (M)2022-04-18 |
Class: PATCH | Family: unix |
This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo"s NOEXEC functionality: * noexec bypass via system and popen [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionally crash sudo with an internal error. This issue has been fixed. [bsc#948973] - The SSSD plugin would occasionally apply @netgroups rules from LDAP to all users rather than the @netgroup. This issue is now fixed. [bsc#966755] - When the SSSD plugin was used and a local user ran sudo, an e-mail used to be sent to administrator because SSSD did not support sudo rules for local users. This message did not signify an error, however, it was only noise. [bsc#1008043]
Platform: |
SUSE Linux Enterprise Server 11 SP4 |