Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
sudo-1.9.7p2-1.4 on GA media
Notes
Title of the patch
sudo-1.9.7p2-1.4 on GA media
Description of the patch
These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11413
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "sudo-1.9.7p2-1.4 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11413", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11413-1.json", }, { category: "self", summary: "SUSE CVE CVE-2005-4158 page", url: "https://www.suse.com/security/cve/CVE-2005-4158/", }, { category: "self", summary: "SUSE CVE CVE-2014-9680 page", url: "https://www.suse.com/security/cve/CVE-2014-9680/", }, { category: "self", summary: "SUSE CVE CVE-2016-7032 page", url: "https://www.suse.com/security/cve/CVE-2016-7032/", }, { category: "self", summary: "SUSE CVE CVE-2016-7076 page", url: "https://www.suse.com/security/cve/CVE-2016-7076/", }, { category: "self", summary: "SUSE CVE CVE-2017-1000367 page", url: "https://www.suse.com/security/cve/CVE-2017-1000367/", }, { category: "self", summary: "SUSE CVE CVE-2017-1000368 page", url: "https://www.suse.com/security/cve/CVE-2017-1000368/", }, { category: "self", summary: "SUSE CVE CVE-2019-14287 page", url: "https://www.suse.com/security/cve/CVE-2019-14287/", }, { category: "self", summary: "SUSE CVE CVE-2019-18634 page", url: "https://www.suse.com/security/cve/CVE-2019-18634/", }, { category: "self", summary: "SUSE CVE CVE-2021-23239 page", url: "https://www.suse.com/security/cve/CVE-2021-23239/", }, { category: "self", summary: "SUSE CVE CVE-2021-23240 page", url: "https://www.suse.com/security/cve/CVE-2021-23240/", }, { category: "self", summary: "SUSE CVE CVE-2021-3156 page", url: "https://www.suse.com/security/cve/CVE-2021-3156/", }, ], title: "sudo-1.9.7p2-1.4 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11413-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "sudo-1.9.7p2-1.4.aarch64", product: { name: "sudo-1.9.7p2-1.4.aarch64", product_id: "sudo-1.9.7p2-1.4.aarch64", }, }, { category: "product_version", name: "sudo-devel-1.9.7p2-1.4.aarch64", product: { name: "sudo-devel-1.9.7p2-1.4.aarch64", product_id: "sudo-devel-1.9.7p2-1.4.aarch64", }, }, { category: "product_version", name: "sudo-plugin-python-1.9.7p2-1.4.aarch64", product: { name: "sudo-plugin-python-1.9.7p2-1.4.aarch64", product_id: "sudo-plugin-python-1.9.7p2-1.4.aarch64", }, }, { category: "product_version", name: "sudo-test-1.9.7p2-1.4.aarch64", product: { name: "sudo-test-1.9.7p2-1.4.aarch64", product_id: "sudo-test-1.9.7p2-1.4.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "sudo-1.9.7p2-1.4.ppc64le", product: { name: "sudo-1.9.7p2-1.4.ppc64le", product_id: "sudo-1.9.7p2-1.4.ppc64le", }, }, { category: "product_version", name: "sudo-devel-1.9.7p2-1.4.ppc64le", product: { name: "sudo-devel-1.9.7p2-1.4.ppc64le", product_id: "sudo-devel-1.9.7p2-1.4.ppc64le", }, }, { category: "product_version", name: "sudo-plugin-python-1.9.7p2-1.4.ppc64le", product: { name: "sudo-plugin-python-1.9.7p2-1.4.ppc64le", product_id: "sudo-plugin-python-1.9.7p2-1.4.ppc64le", }, }, { category: "product_version", name: "sudo-test-1.9.7p2-1.4.ppc64le", product: { name: "sudo-test-1.9.7p2-1.4.ppc64le", product_id: "sudo-test-1.9.7p2-1.4.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "sudo-1.9.7p2-1.4.s390x", product: { name: "sudo-1.9.7p2-1.4.s390x", product_id: "sudo-1.9.7p2-1.4.s390x", }, }, { category: "product_version", name: "sudo-devel-1.9.7p2-1.4.s390x", product: { name: "sudo-devel-1.9.7p2-1.4.s390x", product_id: "sudo-devel-1.9.7p2-1.4.s390x", }, }, { category: "product_version", name: "sudo-plugin-python-1.9.7p2-1.4.s390x", product: { name: "sudo-plugin-python-1.9.7p2-1.4.s390x", product_id: "sudo-plugin-python-1.9.7p2-1.4.s390x", }, }, { category: "product_version", name: "sudo-test-1.9.7p2-1.4.s390x", product: { name: "sudo-test-1.9.7p2-1.4.s390x", product_id: "sudo-test-1.9.7p2-1.4.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "sudo-1.9.7p2-1.4.x86_64", product: { name: "sudo-1.9.7p2-1.4.x86_64", product_id: "sudo-1.9.7p2-1.4.x86_64", }, }, { category: "product_version", name: "sudo-devel-1.9.7p2-1.4.x86_64", product: { name: "sudo-devel-1.9.7p2-1.4.x86_64", product_id: "sudo-devel-1.9.7p2-1.4.x86_64", }, }, { category: "product_version", name: "sudo-plugin-python-1.9.7p2-1.4.x86_64", product: { name: "sudo-plugin-python-1.9.7p2-1.4.x86_64", product_id: "sudo-plugin-python-1.9.7p2-1.4.x86_64", }, }, { category: "product_version", name: "sudo-test-1.9.7p2-1.4.x86_64", product: { name: "sudo-test-1.9.7p2-1.4.x86_64", product_id: "sudo-test-1.9.7p2-1.4.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "sudo-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", }, product_reference: "sudo-1.9.7p2-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", }, product_reference: "sudo-1.9.7p2-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", }, product_reference: "sudo-1.9.7p2-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", }, product_reference: "sudo-1.9.7p2-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-devel-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", }, product_reference: "sudo-devel-1.9.7p2-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-devel-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", }, product_reference: "sudo-devel-1.9.7p2-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-devel-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", }, product_reference: "sudo-devel-1.9.7p2-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-devel-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", }, product_reference: "sudo-devel-1.9.7p2-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-plugin-python-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", }, product_reference: "sudo-plugin-python-1.9.7p2-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-plugin-python-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", }, product_reference: "sudo-plugin-python-1.9.7p2-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-plugin-python-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", }, product_reference: "sudo-plugin-python-1.9.7p2-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-plugin-python-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", }, product_reference: "sudo-plugin-python-1.9.7p2-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-test-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", }, product_reference: "sudo-test-1.9.7p2-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-test-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", }, product_reference: "sudo-test-1.9.7p2-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-test-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", }, product_reference: "sudo-test-1.9.7p2-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "sudo-test-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", }, product_reference: "sudo-test-1.9.7p2-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2005-4158", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2005-4158", }, ], notes: [ { category: "general", text: "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2005-4158", url: "https://www.suse.com/security/cve/CVE-2005-4158", }, { category: "external", summary: "SUSE Bug 140300 for CVE-2005-4158", url: "https://bugzilla.suse.com/140300", }, { category: "external", summary: "SUSE Bug 145687 for CVE-2005-4158", url: "https://bugzilla.suse.com/145687", }, { category: "external", summary: "SUSE Bug 159599 for CVE-2005-4158", url: "https://bugzilla.suse.com/159599", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2005-4158", }, { cve: "CVE-2014-9680", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9680", }, ], notes: [ { category: "general", text: "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9680", url: "https://www.suse.com/security/cve/CVE-2014-9680", }, { category: "external", summary: "SUSE Bug 917806 for CVE-2014-9680", url: "https://bugzilla.suse.com/917806", }, { category: "external", summary: "SUSE Bug 919737 for CVE-2014-9680", url: "https://bugzilla.suse.com/919737", }, { category: "external", summary: "SUSE Bug 921999 for CVE-2014-9680", url: "https://bugzilla.suse.com/921999", }, { category: "external", summary: "SUSE Bug 953359 for CVE-2014-9680", url: "https://bugzilla.suse.com/953359", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2014-9680", }, { cve: "CVE-2016-7032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7032", }, ], notes: [ { category: "general", text: "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7032", url: "https://www.suse.com/security/cve/CVE-2016-7032", }, { category: "external", summary: "SUSE Bug 1007501 for CVE-2016-7032", url: "https://bugzilla.suse.com/1007501", }, { category: "external", summary: "SUSE Bug 1007766 for CVE-2016-7032", url: "https://bugzilla.suse.com/1007766", }, { category: "external", summary: "SUSE Bug 1011975 for CVE-2016-7032", url: "https://bugzilla.suse.com/1011975", }, { category: "external", summary: "SUSE Bug 1011976 for CVE-2016-7032", url: "https://bugzilla.suse.com/1011976", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7032", }, { cve: "CVE-2016-7076", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7076", }, ], notes: [ { category: "general", text: "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7076", url: "https://www.suse.com/security/cve/CVE-2016-7076", }, { category: "external", summary: "SUSE Bug 1007501 for CVE-2016-7076", url: "https://bugzilla.suse.com/1007501", }, { category: "external", summary: "SUSE Bug 1011975 for CVE-2016-7076", url: "https://bugzilla.suse.com/1011975", }, { category: "external", summary: "SUSE Bug 1011976 for CVE-2016-7076", url: "https://bugzilla.suse.com/1011976", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7076", }, { cve: "CVE-2017-1000367", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000367", }, ], notes: [ { category: "general", text: "Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000367", url: "https://www.suse.com/security/cve/CVE-2017-1000367", }, { category: "external", summary: "SUSE Bug 1007501 for CVE-2017-1000367", url: "https://bugzilla.suse.com/1007501", }, { category: "external", summary: "SUSE Bug 1039361 for CVE-2017-1000367", url: "https://bugzilla.suse.com/1039361", }, { category: "external", summary: "SUSE Bug 1042146 for CVE-2017-1000367", url: "https://bugzilla.suse.com/1042146", }, { category: "external", summary: "SUSE Bug 1077345 for CVE-2017-1000367", url: "https://bugzilla.suse.com/1077345", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-1000367", }, { cve: "CVE-2017-1000368", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000368", }, ], notes: [ { category: "general", text: "Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000368", url: "https://www.suse.com/security/cve/CVE-2017-1000368", }, { category: "external", summary: "SUSE Bug 1039361 for CVE-2017-1000368", url: "https://bugzilla.suse.com/1039361", }, { category: "external", summary: "SUSE Bug 1042146 for CVE-2017-1000368", url: "https://bugzilla.suse.com/1042146", }, { category: "external", summary: "SUSE Bug 1045986 for CVE-2017-1000368", url: "https://bugzilla.suse.com/1045986", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-1000368", }, { cve: "CVE-2019-14287", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14287", }, ], notes: [ { category: "general", text: "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14287", url: "https://www.suse.com/security/cve/CVE-2019-14287", }, { category: "external", summary: "SUSE Bug 1153674 for CVE-2019-14287", url: "https://bugzilla.suse.com/1153674", }, { category: "external", summary: "SUSE Bug 1156093 for CVE-2019-14287", url: "https://bugzilla.suse.com/1156093", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14287", }, { cve: "CVE-2019-18634", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-18634", }, ], notes: [ { category: "general", text: "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-18634", url: "https://www.suse.com/security/cve/CVE-2019-18634", }, { category: "external", summary: "SUSE Bug 1162202 for CVE-2019-18634", url: "https://bugzilla.suse.com/1162202", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-18634", }, { cve: "CVE-2021-23239", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23239", }, ], notes: [ { category: "general", text: "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23239", url: "https://www.suse.com/security/cve/CVE-2021-23239", }, { category: "external", summary: "SUSE Bug 1171722 for CVE-2021-23239", url: "https://bugzilla.suse.com/1171722", }, { category: "external", summary: "SUSE Bug 1180684 for CVE-2021-23239", url: "https://bugzilla.suse.com/1180684", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2021-23239", }, { cve: "CVE-2021-23240", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23240", }, ], notes: [ { category: "general", text: "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23240", url: "https://www.suse.com/security/cve/CVE-2021-23240", }, { category: "external", summary: "SUSE Bug 1171722 for CVE-2021-23240", url: "https://bugzilla.suse.com/1171722", }, { category: "external", summary: "SUSE Bug 1180685 for CVE-2021-23240", url: "https://bugzilla.suse.com/1180685", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-23240", }, { cve: "CVE-2021-3156", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3156", }, ], notes: [ { category: "general", text: "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3156", url: "https://www.suse.com/security/cve/CVE-2021-3156", }, { category: "external", summary: "SUSE Bug 1180684 for CVE-2021-3156", url: "https://bugzilla.suse.com/1180684", }, { category: "external", summary: "SUSE Bug 1181090 for CVE-2021-3156", url: "https://bugzilla.suse.com/1181090", }, { category: "external", summary: "SUSE Bug 1181506 for CVE-2021-3156", url: "https://bugzilla.suse.com/1181506", }, { category: "external", summary: "SUSE Bug 1181657 for CVE-2021-3156", url: "https://bugzilla.suse.com/1181657", }, { category: "external", summary: "SUSE Bug 1183936 for CVE-2021-3156", url: "https://bugzilla.suse.com/1183936", }, { category: "external", summary: "SUSE Bug 1218863 for CVE-2021-3156", url: "https://bugzilla.suse.com/1218863", }, { category: "external", summary: "SUSE Bug 1225623 for CVE-2021-3156", url: "https://bugzilla.suse.com/1225623", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3156", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.