Red Hat Product Errata RHSA-2019:3197 - Security Advisory

Issued:: 2019-10-24
Updated:: 2019-10-24

RHSA-2019:3197 - Security Advisory

Overview
Updated Packages

Synopsis

Important: sudo security update

Type/Severity

Security Advisory: Important

Topic

An update for sudo is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
Red Hat Enterprise Linux Server - TUS 7.7 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64

Fixes

BZ - 1760531 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

CVEs

CVE-2019-14287

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux Workstation 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux Desktop 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
s390x
sudo-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: 5ac5a6150d5fa1a165d40611f2c79039105ea741d51351e4f4dcd2b8d31f5b2b
sudo-debuginfo-1.8.23-4.el7_7.1.s390.rpm	SHA-256: 200c4cc28ff941c507a1b0b7c54597728b13228efbf524e7098fcd7625b82426
sudo-debuginfo-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: 7d98e4575cdba9990210745e9c2b4aeb8bb59ae42fc3a806a73599acd86f6a3c
sudo-debuginfo-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: 7d98e4575cdba9990210745e9c2b4aeb8bb59ae42fc3a806a73599acd86f6a3c
sudo-devel-1.8.23-4.el7_7.1.s390.rpm	SHA-256: e3c54ae3d4d9b79baf476a20ac3d4e49622e4ab37b1fb293c36881ef6ec3bc2c
sudo-devel-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: e345c5eac61f166ad81334b61b0a77ae490774eeaf1c3f24bcc6a79bf649c96b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
s390x
sudo-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: 5ac5a6150d5fa1a165d40611f2c79039105ea741d51351e4f4dcd2b8d31f5b2b
sudo-debuginfo-1.8.23-4.el7_7.1.s390.rpm	SHA-256: 200c4cc28ff941c507a1b0b7c54597728b13228efbf524e7098fcd7625b82426
sudo-debuginfo-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: 7d98e4575cdba9990210745e9c2b4aeb8bb59ae42fc3a806a73599acd86f6a3c
sudo-debuginfo-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: 7d98e4575cdba9990210745e9c2b4aeb8bb59ae42fc3a806a73599acd86f6a3c
sudo-devel-1.8.23-4.el7_7.1.s390.rpm	SHA-256: e3c54ae3d4d9b79baf476a20ac3d4e49622e4ab37b1fb293c36881ef6ec3bc2c
sudo-devel-1.8.23-4.el7_7.1.s390x.rpm	SHA-256: e345c5eac61f166ad81334b61b0a77ae490774eeaf1c3f24bcc6a79bf649c96b

Red Hat Enterprise Linux for Power, big endian 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
ppc64
sudo-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: 69e94e7375eb6cff6ab641cd0189fd39b97d9e315d19b6a1eef9dd0996718bc0
sudo-debuginfo-1.8.23-4.el7_7.1.ppc.rpm	SHA-256: 81e865623b8f5292cc7653b4bea75624501adce1061e66d669ff35f6530dbec7
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: b4171e4ee730f6fa344feff2a64e84620998dd60726e04b5bd257f9d011e9c03
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: b4171e4ee730f6fa344feff2a64e84620998dd60726e04b5bd257f9d011e9c03
sudo-devel-1.8.23-4.el7_7.1.ppc.rpm	SHA-256: d3b8870d8cb6b48d02d0f0036e01e923e7df14fd055dfc2f6cf00e74821cb874
sudo-devel-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: 81b886839d596a6343b9b4e27a5b3663c2f4fe4a3dec6c4d604d36134a303d72

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
ppc64
sudo-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: 69e94e7375eb6cff6ab641cd0189fd39b97d9e315d19b6a1eef9dd0996718bc0
sudo-debuginfo-1.8.23-4.el7_7.1.ppc.rpm	SHA-256: 81e865623b8f5292cc7653b4bea75624501adce1061e66d669ff35f6530dbec7
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: b4171e4ee730f6fa344feff2a64e84620998dd60726e04b5bd257f9d011e9c03
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: b4171e4ee730f6fa344feff2a64e84620998dd60726e04b5bd257f9d011e9c03
sudo-devel-1.8.23-4.el7_7.1.ppc.rpm	SHA-256: d3b8870d8cb6b48d02d0f0036e01e923e7df14fd055dfc2f6cf00e74821cb874
sudo-devel-1.8.23-4.el7_7.1.ppc64.rpm	SHA-256: 81b886839d596a6343b9b4e27a5b3663c2f4fe4a3dec6c4d604d36134a303d72

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux EUS Compute Node 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux for Power, little endian 7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
ppc64le
sudo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: 4ac1f6a28c40c203df9661fdedcb23d32cf07f4a054bf6f610f82fa6a60ccb2a
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: b12bc8b1d78f649b2e53feb768010584067929d33824441e761c6ee8dfe7efea
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: b12bc8b1d78f649b2e53feb768010584067929d33824441e761c6ee8dfe7efea
sudo-devel-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: fd430da8c7dd1ac9afb9d4bf9e1cfa74b6ca8862466210608e063f08bf77d53d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
ppc64le
sudo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: 4ac1f6a28c40c203df9661fdedcb23d32cf07f4a054bf6f610f82fa6a60ccb2a
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: b12bc8b1d78f649b2e53feb768010584067929d33824441e761c6ee8dfe7efea
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: b12bc8b1d78f649b2e53feb768010584067929d33824441e761c6ee8dfe7efea
sudo-devel-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: fd430da8c7dd1ac9afb9d4bf9e1cfa74b6ca8862466210608e063f08bf77d53d

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
ppc64le
sudo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: 4ac1f6a28c40c203df9661fdedcb23d32cf07f4a054bf6f610f82fa6a60ccb2a
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: b12bc8b1d78f649b2e53feb768010584067929d33824441e761c6ee8dfe7efea
sudo-debuginfo-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: b12bc8b1d78f649b2e53feb768010584067929d33824441e761c6ee8dfe7efea
sudo-devel-1.8.23-4.el7_7.1.ppc64le.rpm	SHA-256: fd430da8c7dd1ac9afb9d4bf9e1cfa74b6ca8862466210608e063f08bf77d53d

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7

SRPM
sudo-1.8.23-4.el7_7.1.src.rpm	SHA-256: 881889749b7696b2cbb6b354e43a199052122b97aca7cc02000371b54ecdd2fb
x86_64
sudo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 7d831c2183201785fe11fbc353f123776bf2e24af76b26716c7b8a6c47f431cd
sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm	SHA-256: 702fd0fc5f5d62f660058956af7526ec6ea5aef0c1c297812207d076be164b41
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: d98c0d8b596984c38c11e6d0c80693d4631dc0623a1a60cc902821e066a23f03
sudo-devel-1.8.23-4.el7_7.1.i686.rpm	SHA-256: f73ad0b9c2acb141971e2a7f60cb0adf991f855fccc4b5f4771147f68ef26231
sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm	SHA-256: 6029de2bd54377f059af74a5367eec5b195a9454c7c6c8c31731dab43ac7b86d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.