Synopsis

Important: sudo security update

Type/Severity

Security Advisory: Important

Topic

An update for sudo is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

• sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64

Fixes

• BZ - 1760531 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

CVEs

• CVE-2019-14287

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for x86_64 8

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
x86_64
sudo-1.8.25p1-8.el8_1.x86_64.rpm	SHA-256: d0a454f2a5f9f5ed1e4fc5834f195ca96c19546283c1d845142bd91af340fa20
sudo-debuginfo-1.8.25p1-8.el8_1.x86_64.rpm	SHA-256: a19a34453209c99b8c88a9b19c3ae870b87c2da6cf5c4964a7baa574cac290eb
sudo-debugsource-1.8.25p1-8.el8_1.x86_64.rpm	SHA-256: 59b59223a40fe6c24e3f8ecfb1ac40a1c47a094dbd42a46cbdb5b3afb3331d6c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
x86_64
sudo-1.8.25p1-8.el8_1.x86_64.rpm	SHA-256: d0a454f2a5f9f5ed1e4fc5834f195ca96c19546283c1d845142bd91af340fa20
sudo-debuginfo-1.8.25p1-8.el8_1.x86_64.rpm	SHA-256: a19a34453209c99b8c88a9b19c3ae870b87c2da6cf5c4964a7baa574cac290eb
sudo-debugsource-1.8.25p1-8.el8_1.x86_64.rpm	SHA-256: 59b59223a40fe6c24e3f8ecfb1ac40a1c47a094dbd42a46cbdb5b3afb3331d6c

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
s390x
sudo-1.8.25p1-8.el8_1.s390x.rpm	SHA-256: 3f9fd591210213acdb4c8648b138ece7a76178b137c693fc3a941895d56c8e37
sudo-debuginfo-1.8.25p1-8.el8_1.s390x.rpm	SHA-256: 2a9f5eda05d91d9b9617fab0c24858f41beb6635140e1ce59cd785838e4c6ea9
sudo-debugsource-1.8.25p1-8.el8_1.s390x.rpm	SHA-256: 405e46b457ae57058a3cead71c4f72b7d888c2f2fad310e95e5211773a5fe131

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
s390x
sudo-1.8.25p1-8.el8_1.s390x.rpm	SHA-256: 3f9fd591210213acdb4c8648b138ece7a76178b137c693fc3a941895d56c8e37
sudo-debuginfo-1.8.25p1-8.el8_1.s390x.rpm	SHA-256: 2a9f5eda05d91d9b9617fab0c24858f41beb6635140e1ce59cd785838e4c6ea9
sudo-debugsource-1.8.25p1-8.el8_1.s390x.rpm	SHA-256: 405e46b457ae57058a3cead71c4f72b7d888c2f2fad310e95e5211773a5fe131

Red Hat Enterprise Linux for Power, little endian 8

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
ppc64le
sudo-1.8.25p1-8.el8_1.ppc64le.rpm	SHA-256: 829a9394c4b328b7d635cd9cc02b020165f6e3e4b23e698eddbde9ff1360a88d
sudo-debuginfo-1.8.25p1-8.el8_1.ppc64le.rpm	SHA-256: 3efd73c2b1a8e378383ac506e38fd543c619190bbbb49076a1541bff652846b9
sudo-debugsource-1.8.25p1-8.el8_1.ppc64le.rpm	SHA-256: d1d1c00ad227ffd9fbd9e89bec5576dc938b6e9575fc12be40eaff6fa3e6bb6d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
ppc64le
sudo-1.8.25p1-8.el8_1.ppc64le.rpm	SHA-256: 829a9394c4b328b7d635cd9cc02b020165f6e3e4b23e698eddbde9ff1360a88d
sudo-debuginfo-1.8.25p1-8.el8_1.ppc64le.rpm	SHA-256: 3efd73c2b1a8e378383ac506e38fd543c619190bbbb49076a1541bff652846b9
sudo-debugsource-1.8.25p1-8.el8_1.ppc64le.rpm	SHA-256: d1d1c00ad227ffd9fbd9e89bec5576dc938b6e9575fc12be40eaff6fa3e6bb6d

Red Hat Enterprise Linux for ARM 64 8

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
aarch64
sudo-1.8.25p1-8.el8_1.aarch64.rpm	SHA-256: 02ee1ba8ee494bc3d95c345501fad0a2b9a8c2f92a75b7546acb8a25cd0ee1b9
sudo-debuginfo-1.8.25p1-8.el8_1.aarch64.rpm	SHA-256: ac0cb54ef6a57aa088c3ecb80d6a9b94237865bde99d3fd7e1ee80bc40be996c
sudo-debugsource-1.8.25p1-8.el8_1.aarch64.rpm	SHA-256: 44127141161b3b7f34dc4aef90e90333d7d2d8f1c3285533cd0375040e283b86

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1

SRPM
sudo-1.8.25p1-8.el8_1.src.rpm	SHA-256: 6367d4d9ffc60bc69f8c4629bbe7fe2de8d43c701a2893b71d3acacb15256888
aarch64
sudo-1.8.25p1-8.el8_1.aarch64.rpm	SHA-256: 02ee1ba8ee494bc3d95c345501fad0a2b9a8c2f92a75b7546acb8a25cd0ee1b9
sudo-debuginfo-1.8.25p1-8.el8_1.aarch64.rpm	SHA-256: ac0cb54ef6a57aa088c3ecb80d6a9b94237865bde99d3fd7e1ee80bc40be996c
sudo-debugsource-1.8.25p1-8.el8_1.aarch64.rpm	SHA-256: 44127141161b3b7f34dc4aef90e90333d7d2d8f1c3285533cd0375040e283b86