This is an old revision of the document!
Slackware64-14.0 ChangeLog (2020-01-31)
Fri Jan 31 20:46:25 UTC 2020
Packages
Upgraded
- patches/packages/sudo-1.8.31-x86_64-1_slack14.0.txz
This update fixes a security issue:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in some Linux distributions; however, it
is not the default for upstream or in Slackware, and would exist only if
enabled by an administrator.) The attacker needs to deliver a long string
to the stdin of getln() in tgetpass.c.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
(* Security fix *)