-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  sudo (SSA:2023-311-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.9.15-i586-1_slack15.0.txz:  Upgraded.
  The sudoers plugin has been modified to make it more resilient to ROWHAMMER
  attacks on authentication and policy matching.
  The sudoers plugin now constructs the user time stamp file path name using
  the user-ID instead of the user name. This avoids a potential problem with
  user names that contain a path separator ('/') being interpreted as part of
  the path name.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42465
    https://www.cve.org/CVERecord?id=CVE-2023-42456
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware 15.0:

Updated package for Slackware x86_64 15.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.0 package:
41eaa419c635bcc57b5fbdc5721bb35f  sudo-1.9.15-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
414ed3ca815363445f81161872cf8fc9  sudo-1.9.15-x86_64-1_slack14.0.txz

Slackware 14.1 package:
2d6c30e0c80a8ee87d2598df5df56dc8  sudo-1.9.15-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
0a42f5a17f76f2c38bfdd6f654dd1360  sudo-1.9.15-x86_64-1_slack14.1.txz

Slackware 14.2 package:
1d5b5d3432033dea48549612546a5aa4  sudo-1.9.15-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
eb20f940540160ad2f9fc8ac4aa90a39  sudo-1.9.15-x86_64-1_slack14.2.txz

Slackware 15.0 package:
816e1d885ff9c4f3f241cd7601f9c476  sudo-1.9.15-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
8274b3b03bd735ca8ae14a6c3a658127  sudo-1.9.15-x86_64-1_slack15.0.txz

Slackware -current package:
893214566e3e9dbeb80bae0a0b08ec20  ap/sudo-1.9.15-i586-1.txz

Slackware x86_64 -current package:
8788eee56c97fde7df4f02dc9d22673c  ap/sudo-1.9.15-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg sudo-1.9.15-i586-1_slack15.0.txz


+-----+

Slackware: 2023-311-01: sudo Security Update

November 7, 2023
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sudo-1.9.15-i586-1_slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42465 https://www.cve.org/CVERecord?id=CVE-2023-42456 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 41eaa419c635bcc57b5fbdc5721bb35f sudo-1.9.15-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 414ed3ca815363445f81161872cf8fc9 sudo-1.9.15-x86_64-1_slack14.0.txz
Slackware 14.1 package: 2d6c30e0c80a8ee87d2598df5df56dc8 sudo-1.9.15-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 0a42f5a17f76f2c38bfdd6f654dd1360 sudo-1.9.15-x86_64-1_slack14.1.txz
Slackware 14.2 package: 1d5b5d3432033dea48549612546a5aa4 sudo-1.9.15-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: eb20f940540160ad2f9fc8ac4aa90a39 sudo-1.9.15-x86_64-1_slack14.2.txz
Slackware 15.0 package: 816e1d885ff9c4f3f241cd7601f9c476 sudo-1.9.15-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 8274b3b03bd735ca8ae14a6c3a658127 sudo-1.9.15-x86_64-1_slack15.0.txz
Slackware -current package: 893214566e3e9dbeb80bae0a0b08ec20 ap/sudo-1.9.15-i586-1.txz
Slackware x86_64 -current package: 8788eee56c97fde7df4f02dc9d22673c ap/sudo-1.9.15-x86_64-1.txz

Severity
[slackware-security] sudo (SSA:2023-311-01)
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg sudo-1.9.15-i586-1_slack15.0.txz

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved