{ "id": "openEuler-SA-2022-1892", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1892", "title": "An update for sudo is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", "severity": "Critical", "description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). (CVE-2022-37434)", "cves": [ { "id": "CVE-2022-37434", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434", "severity": "Critical" } ] }