1b14e99666
- Fixes CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it cannot be used to write to an arbitrary location. - Fixes CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support protected symlinks setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information, see Symbolic link attack in SELinux-enabled sudoedit. - Update license hash: - copyright of python bindings added with6c1b155fed
- a few other files (ISC licenced) added withd4b2db9078
- year updated with9e111eae57
- Update indentation in hash file (two spaces) https://www.sudo.ws/stable.html#1.9.5p1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 lines
242 B
Plaintext
5 lines
242 B
Plaintext
# From: http://www.sudo.ws/download.html
|
|
sha256 4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882 sudo-1.9.5p1.tar.gz
|
|
# Locally calculated
|
|
sha256 505c5955c373514e2533a24a8346f44038e29cba874f5ca83beb171a7409089f doc/LICENSE
|