[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 970-1] sudo security update

Package        : sudo
Version        : 1.8.5p2-1+nmu3+deb7u3
CVE ID         : CVE-2017-1000367
Debian Bug     : 863731

The Qualys Security team discovered that sudo, a program designed to
provide limited super user privileges to specific users, does not
properly parse "/proc/[pid]/stat" to read the device number of the tty
from field 7 (tty_nr). A sudoers user can take advantage of this flaw on
an SELinux-enabled system to obtain full root privileges.

For Debian 7 "Wheezy", this problem has been fixed in version

For Debian 8 "Jessie", this problem has been fixed in version

We recommend that you upgrade your sudo packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Ben Hutchings - Debian developer, member of kernel, installer and LTS teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: