CVE-2022-43995 (https://www.sudo.ws/security/advisories/): Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eca952121b4f64dc7c40f81338384bf299ee771

commit 5eca952121b4f64dc7c40f81338384bf299ee771
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-05 00:39:58 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-05 02:06:35 +0000

    app-admin/sudo: patch CVE-2022-43995

    Bug: https://bugs.gentoo.org/879209
    Signed-off-by: John Helmert III <ajak@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/28143
    Signed-off-by: Sam James <sam@gentoo.org>

 .../sudo/files/sudo-1.9.12-CVE-2022-43995.patch | 53 ++++
 app-admin/sudo/sudo-1.9.12-r1.ebuild | 287 +++++++++++++++++++++
 2 files changed, 340 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd464e04dac31f761430fb3c8f2cb940f3f44463

commit bd464e04dac31f761430fb3c8f2cb940f3f44463
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-11-06 03:35:55 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-06 03:36:47 +0000

    app-admin/sudo: add 1.9.12_p1

    Note that CVE-2022-43995 was already fixed in Gentoo in 1.9.12-r1
    (5eca952121b4f64dc7c40f81338384bf299ee771) but tagging the bug for
    completeness.

    Bug: https://bugs.gentoo.org/879209
    Closes: https://bugs.gentoo.org/862201
    Signed-off-by: Sam James <sam@gentoo.org>

 app-admin/sudo/Manifest | 2 +
 app-admin/sudo/sudo-1.9.12_p1.ebuild | 286 +++++++++++++++++++++++++++++++++++
 app-admin/sudo/sudo-9999.ebuild | 14 +-
 3 files changed, 297 insertions(+), 5 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=90304100a99e24458f3a757fd7288607e1786e6b

commit 90304100a99e24458f3a757fd7288607e1786e6b
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-11-22 03:52:48 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-22 03:59:40 +0000

    [ GLSA 202211-08 ] sudo: Heap-Based Buffer Overread

    Bug: https://bugs.gentoo.org/879209
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202211-08.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
GLSA released, waiting for cleanup
For users' clarity: 1.9.12_p1 includes the fix. See e.g. the git log: https://gitweb.gentoo.org/repo/gentoo.git/log/app-admin/sudo?showmsg=1
(In reply to Teika kazura from comment #6)
> For users' clarity: 1.9.12_p1 includes the fix. See e.g. the git log:
> https://gitweb.gentoo.org/repo/gentoo.git/log/app-admin/sudo?showmsg=1

You mean the commits that referenced this bug and are thus included as comments in this bug? ;)