|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2016:2891-1)|
|Summary:||The remote host is missing an update for the 'sudo' package(s) announced via the SUSE-SU-2016:2891-1 advisory.|
This update for sudo fixes the following issues:
- Fix two security vulnerabilities that allowed users to bypass sudo's
* noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]
* noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]
- The SSSD plugin would occasionally crash sudo with an 'internal error'.
This issue has been fixed. [bsc#948973]
- The SSSD plugin would occasionally apply @netgroups rules from LDAP to
all users rather than the @netgroup. This issue is now fixed.
- When the SSSD plugin was used and a local user ran sudo, an e-mail used
to be sent to the administrator because SSSD did not support sudo rules for
local users. This message did not signify an error, however, it was only
'sudo' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2016-7032
BugTraq ID: 95776
RedHat Security Advisories: RHSA-2016:2872
Common Vulnerability Exposure (CVE) ID: CVE-2016-7076
BugTraq ID: 95778
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|