[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 269030] [PATCH] security/sudo update 1.9.12p2 (fix CVE-2023-22809)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 18 Jan 2023 16:24:52 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269030

            Bug ID: 269030
           Summary: [PATCH] security/sudo update 1.9.12p2 (fix
                    CVE-2023-22809)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: garga@FreeBSD.org
          Reporter: cy@FreeBSD.org
                CC: ports-bugs@FreeBSD.org
             Flags: maintainer-feedback?(garga@FreeBSD.org)

(text/plain)
Sudo version 1.9.12p2 is now available which fixes several bugs in
sudo 1.9.12.  It includes a fix for CVE-2023-22809, a bug that could
allow a user with "sudoedit" privileges to edit arbitrary files.
See https://www.sudo.ws/security/advisories/sudoedit_any/ for details.

Source:
    https://www.sudo.ws/dist/sudo-1.9.12p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.12p2.tar.gz

SHA256 checksum:
    b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539
MD5 checksum:
    2c67b10f2aca4698eef0491142653382

Binary packages:
    https://www.sudo.ws/getting/packages/
    https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2

For a list of download mirror sites, see:
    https://www.sudo.ws/getting/download_mirrors/

Sudo web site:
    https://www.sudo.ws/

Major changes between sudo 1.9.12p2 and 1.9.12p1:

 * Fixed a compilation error on Linux/aarch64.  GitHub issue #197.

 * Fixed a potential crash introduced in the fix for GitHub issue #134.
   If a user's sudoers entry did not have any RunAs user's set,
   running "sudo -U otheruser -l" would dereference a NULL pointer.

 * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
   from creating a I/O files when the "iolog_file" sudoers setting
   contains six or more Xs.

 * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
   that coud allow a malicious user with sudoedit privileges to
   edit arbitrary files.

-- 
You are receiving this mail because:
You are on the CC list for the bug.