[Bug 243745] [PATCH] security/sudo update 1.8.30 --> 1.8.31
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jan 30 22:17:51 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243745
--- Comment #1 from Cy Schubert <cy at FreeBSD.org> ---
Sudo 1.8.31 is now available. This version fixes a serious bug
when the "pwfeedback" option is enabled in sudoers that can lead
to a buffer overflow. See https://www.sudo.ws/alerts/pwfeedback.html
for full details.
Source:
https://www.sudo.ws/dist/sudo-1.8.31.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.31.tar.gz
SHA256 checksum:
7ea8d97a3cee4c844e0887ea7a1bd80eb54cc98fd77966776cb1a80653ad454f
MD5 checksum:
ce17ff6e72a70f8d5dabba8abf3cd2de
Binary packages:
https://www.sudo.ws/download.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.8.31 and 1.8.30
* Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
sudoers option is enabled on systems with uni-directional pipes.
* The "sudoedit_checkdir" option now treats a user-owned directory
as writable, even if it does not have the write bit set at the
time of check. Symbolic links will no longer be followed by
sudoedit in any user-owned directory. Bug #912
* Fixed sudoedit on macOS 10.15 and above where the root file system
is mounted read-only. Bug #913.
* Fixed a crash introduced in sudo 1.8.30 when suspending sudo
at the password prompt. Bug #914.
* Fixed compilation on systems where the mmap MAP_ANON flag
is not available. Bug #915.
2. (text/plain)
____________________________________________________________
sudo-announce mailing list <sudo-announce at sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-announce
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list