14 lines
1.1 KiB
JSON
14 lines
1.1 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1071",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1071",
|
|
"title": "An update for sudo is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
|
|
"severity": "Important",
|
|
"description": "Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\r\n\r\nSudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.(CVE-2023-42465)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2023-42465",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42465",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |