Red Hat Product Errata RHSA-2019:3895 - Security Advisory

Issued:: 2019-11-18
Updated:: 2019-11-18

RHSA-2019:3895 - Security Advisory

Overview
Updated Packages

Synopsis

Important: sudo security update

Type/Severity

Security Advisory: Important

Topic

An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 6.5 x86_64

Fixes

BZ - 1760531 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

CVEs

CVE-2019-14287

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.5

SRPM
sudo-1.8.6p3-12.el6_5.2.src.rpm	SHA-256: 42a6b59b44020cb9454fc46cd7030b85ba9777fae109886f0d396fb6f5327c0f
x86_64
sudo-1.8.6p3-12.el6_5.2.x86_64.rpm	SHA-256: b5585fd775cf21f5b3a67498887ba62abb4003e32eb2815bf5515f402c45fcde
sudo-debuginfo-1.8.6p3-12.el6_5.2.i686.rpm	SHA-256: c4cf755a4309ccdd92394553fc98d86782919acc6e9176dce75419357da8f8ba
sudo-debuginfo-1.8.6p3-12.el6_5.2.x86_64.rpm	SHA-256: f965cfc113bccc9c855919d14f3bced2abbdc6c2fae421792be3339ffc41ecaf
sudo-debuginfo-1.8.6p3-12.el6_5.2.x86_64.rpm	SHA-256: f965cfc113bccc9c855919d14f3bced2abbdc6c2fae421792be3339ffc41ecaf
sudo-devel-1.8.6p3-12.el6_5.2.i686.rpm	SHA-256: 117909cfaa4a7dedbb9e8ba3be5241b2d609698a4cc00146500dfe883b956679
sudo-devel-1.8.6p3-12.el6_5.2.x86_64.rpm	SHA-256: dcfd9a89b8870137b99af691d19ff2accfc0d8ad4be21ebceff185f2dc537816

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories