CVE-2019-14287 (GCVE-0-2019-14287)
Vulnerability from cvelistv5
Published
2019-10-17 17:03
Modified
2024-08-05 00:12
CWE
- n/a
Summary
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:12:43.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20191014 Sudo: CVE-2019-14287", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "name": "USN-4154-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4154-1/" }, { "name": "DSA-4543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4543" }, { "name": "20191015 [SECURITY] [DSA 4543-1] sudo security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "name": "20191015 [slackware-security] sudo (SSA:2019-287-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "name": "openSUSE-SU-2019:2316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "name": "FEDORA-2019-9cb221f2be", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "name": "openSUSE-SU-2019:2333", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "name": "[oss-security] 20191015 Re: Sudo: CVE-2019-14287", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1964-1] sudo security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "name": "FEDORA-2019-67998e9f7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "RHSA-2019:3197", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "name": "RHSA-2019:3205", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "name": "RHSA-2019:3204", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "name": "RHSA-2019:3209", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "name": "RHSA-2019:3219", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - 
VMware", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "FEDORA-2019-72755db9c7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "name": "RHSA-2019:3278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "name": "RHSA-2019:3694", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "name": "RHSA-2019:3755", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "name": "RHSA-2019:3754", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "name": "RHSA-2019:3895", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "name": "RHSA-2019:3916", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "name": "RHBA-2019:3248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "name": "RHSA-2019:3941", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "name": "RHSA-2019:4191", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "name": "RHSA-2020:0388", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "name": "GLSA-202003-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-12" }, { "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-14T23:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20191014 Sudo: CVE-2019-14287", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "name": "USN-4154-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4154-1/" }, { "name": "DSA-4543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4543" }, { "name": "20191015 [SECURITY] [DSA 4543-1] sudo security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "name": "20191015 [slackware-security] sudo (SSA:2019-287-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "name": "openSUSE-SU-2019:2316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "name": "FEDORA-2019-9cb221f2be", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "name": "openSUSE-SU-2019:2333", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "name": "[oss-security] 20191015 Re: Sudo: CVE-2019-14287", 
"tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1964-1] sudo security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "name": "FEDORA-2019-67998e9f7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "RHSA-2019:3197", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "name": "RHSA-2019:3205", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "name": "RHSA-2019:3204", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "name": "RHSA-2019:3209", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "name": "RHSA-2019:3219", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "FEDORA-2019-72755db9c7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "name": "RHSA-2019:3278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "tags": [ "x_refsource_MISC" ], "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "name": "RHSA-2019:3694", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "name": "RHSA-2019:3755", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "name": "RHSA-2019:3754", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "name": "RHSA-2019:3895", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "name": "RHSA-2019:3916", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "name": "RHBA-2019:3248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "name": "RHSA-2019:3941", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "name": "RHSA-2019:4191", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "name": "RHSA-2020:0388", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "name": "GLSA-202003-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-12" }, { "name": 
"[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20191014 Sudo: CVE-2019-14287", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "name": "USN-4154-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4154-1/" }, { "name": "DSA-4543", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4543" }, { "name": "20191015 [SECURITY] [DSA 4543-1] sudo security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "name": "20191015 [slackware-security] sudo (SSA:2019-287-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "name": "openSUSE-SU-2019:2316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "name": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html", 
"refsource": "MISC", "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "name": "FEDORA-2019-9cb221f2be", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "name": "https://www.sudo.ws/alerts/minus_1_uid.html", "refsource": "CONFIRM", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "name": "openSUSE-SU-2019:2333", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191017-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "name": "[oss-security] 20191015 Re: Sudo: CVE-2019-14287", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1964-1] sudo security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "name": "FEDORA-2019-67998e9f7e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "name": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "RHSA-2019:3197", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "name": "RHSA-2019:3205", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "name": "RHSA-2019:3204", "refsource": "REDHAT", "url": 
"https://access.redhat.com/errata/RHSA-2019:3204" }, { "name": "RHSA-2019:3209", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "name": "RHSA-2019:3219", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "FEDORA-2019-72755db9c7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "name": "RHSA-2019:3278", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "name": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287", "refsource": "MISC", "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "name": "RHSA-2019:3694", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "name": "RHSA-2019:3755", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "name": "RHSA-2019:3754", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "name": "RHSA-2019:3895", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "name": "RHSA-2019:3916", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "name": "RHBA-2019:3248", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "name": "RHSA-2019:3941", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "name": "RHSA-2019:4191", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "name": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "name": "RHSA-2020:0388", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "name": "GLSA-202003-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-12" }, { "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14287", "datePublished": "2019-10-17T17:03:28", "dateReserved": "2019-07-27T00:00:00", "dateUpdated": "2024-08-05T00:12:43.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-14287\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-17T18:15:12.330\",\"lastModified\":\"2024-11-21T04:26:22.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \\\"sudo -u \\\\#$((0xffffffff))\\\" command.\"},{\"lang\":\"es\",\"value\":\"En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de pol\u00edticas y m\u00f3dulos PAM de sesi\u00f3n, y puede causar un registro incorrecto, mediante la invocaci\u00f3n sudo con un ID de usuario creado. 
Por ejemplo, esto permite la omisi\u00f3n de la configuraci\u00f3n root y el registro USER= para un comando \\\"sudo -u \\\\#$((0xffffffff))\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.28\",\"matchCriteriaId\":\"07F52D32-AC76-42B8-B59F-57D5E36010CB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409
BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software
_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E902EEC6-9A41-4FBC-8D81-891DF846A5CB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8C66E6D-8AD2-4709-BD18-ED9EAF9D8546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0F47-3565-4763-B16F-C87B1FF2035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3F09B5-569F-4C58-9FCA-3C0953D107B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaI
d\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E6D998-B41D-4B49-9E00-8336D2E40A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C8D871B-AEA1-4407-AEE3-47EC782250FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6755B6AD-0422-467B-8115-34A60B1D1A40\"},{\"vul
nerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/14/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/24/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/29/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/14/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:3248\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3197\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3204\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3205\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3209\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3219\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3278\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3694\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3754\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3755\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3895\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3916\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3941\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4191\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0388\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/20\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191017-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4154-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4543\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2019/10/15/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.sudo.ws/alerts/minus_1_uid.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/14/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/24/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/29/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/14/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:3248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3278\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3941\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191017-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4154-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4543\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2019/10/15/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.sudo.ws/alerts/minus_1_uid.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}" } }
rhsa-2019:3694
Vulnerability from csaf_redhat
Published
2019-11-05 22:22
Modified
2025-08-02 11:12
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3694", "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3694.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:12:53+00:00", "generator": { "date": "2025-08-02T11:12:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3694", "initial_release_date": "2019-11-05T22:22:12+00:00", "revision_history": [ { "date": "2019-11-05T22:22:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-11-05T22:22:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:12:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 
8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-8.el8_1.ppc64le", "product": { "name": "sudo-0:1.8.25p1-8.el8_1.ppc64le", "product_id": "sudo-0:1.8.25p1-8.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-8.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "product": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "product_id": "sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debugsource@1.8.25p1-8.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "product": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "product_id": "sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.25p1-8.el8_1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-8.el8_1.s390x", "product": { "name": "sudo-0:1.8.25p1-8.el8_1.s390x", "product_id": "sudo-0:1.8.25p1-8.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-8.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "product": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "product_id": "sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debugsource@1.8.25p1-8.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "product": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "product_id": 
"sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.25p1-8.el8_1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-8.el8_1.x86_64", "product": { "name": "sudo-0:1.8.25p1-8.el8_1.x86_64", "product_id": "sudo-0:1.8.25p1-8.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-8.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64", "product": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64", "product_id": "sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debugsource@1.8.25p1-8.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "product_id": "sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.25p1-8.el8_1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-8.el8_1.aarch64", "product": { "name": "sudo-0:1.8.25p1-8.el8_1.aarch64", "product_id": "sudo-0:1.8.25p1-8.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-8.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "product": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "product_id": "sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debugsource@1.8.25p1-8.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "product": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "product_id": 
"sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.25p1-8.el8_1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-8.el8_1.src", "product": { "name": "sudo-0:1.8.25p1-8.el8_1.src", "product_id": "sudo-0:1.8.25p1-8.el8_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-8.el8_1?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-8.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.aarch64" }, "product_reference": "sudo-0:1.8.25p1-8.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-8.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.ppc64le" }, "product_reference": "sudo-0:1.8.25p1-8.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-8.el8_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.s390x" }, "product_reference": "sudo-0:1.8.25p1-8.el8_1.s390x", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-8.el8_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 
8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.src" }, "product_reference": "sudo-0:1.8.25p1-8.el8_1.src", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-8.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.x86_64" }, "product_reference": "sudo-0:1.8.25p1-8.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64" }, "product_reference": "sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 
8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64" }, "product_reference": "sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le" }, "product_reference": "sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.s390x" }, "product_reference": "sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64" }, "product_reference": "sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." 
} ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. 
Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-05T22:22:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). 
In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.aarch64", 
"BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.src", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debuginfo-0:1.8.25p1-8.el8_1.x86_64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.aarch64", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.ppc64le", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.s390x", "BaseOS-8.1.0.Z.MAIN.EUS:sudo-debugsource-0:1.8.25p1-8.el8_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3916
Vulnerability from csaf_redhat
Published
2019-11-19 15:56
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.2.5 machine-os-content-container security update
Notes
Topic
An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS.
Security Fix(es):
* A flaw was found in the way Intel CPUs handled inconsistency between virtual-to-physical memory address translations in the CPU's local cache and the system software's Paging structure entries. A privileged guest user can exploit this flaw to induce a hardware Machine Check Error (MCE) on the host processor, resulting in a severe DoS scenario by halting the processor. System software like the OS or Virtual Machine Monitor (VMM) uses the virtual memory system for storing program instructions and data in memory. The virtual memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate a program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer, called the Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and the other for data addresses. System software can modify its Paging structure entries to change address mappings or certain attributes like page size, etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. Before this TLB invalidation takes place, however, a privileged guest user could trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual-to-physical address translation from Instruction TLB (ITLB). This would access an invalid physical memory address, resulting in halting the processor due to the MCE on Page Size Change. (CVE-2018-12207)
* A flaw was found in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow users to run a command as any user except root, this flaw can be used by an attacker to bypass that restriction. (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS.\n\nSecurity Fix(es):\n\n* A flaw was found in the way Intel CPUs handled inconsistency between virtual to physical memory address translations in the CPU\u0027s local cache and the system software\u0027s Paging structure entries. A privileged guest user can exploit this flaw to induce a hardware Machine Check Error (MCE) on the host processor, resulting in a severe DoS scenario by halting the processor. System software like the OS OR Virtual Machine Monitor (VMM) use the virtual memory system for storing program instructions and data in memory. The virtual memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor\u0027s Memory Management Unit (MMU) uses Paging structure entries to translate a program\u0027s virtual memory addresses to physical memory addresses. 
The processor stores these address translations into its local cache buffer, called the Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and the other for data addresses. System software can modify its Paging structure entries to change address mappings or certain attributes like page size, etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor\u0027s TLB cache. Before this TLB invalidation takes place, however, a privileged guest user could trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). This would access an invalid physical memory address, resulting in halting the processor due to the MCE on Page Size Change. (CVE-2018-12207)\n\n* A flaw was found in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow users to run a command as any user except root, this flaw can be used by an attacker to bypass that restriction. (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3916", "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/ifu-page-mce", "url": "https://access.redhat.com/security/vulnerabilities/ifu-page-mce" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1646768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646768" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3916.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.2.5 machine-os-content-container security update", "tracking": { "current_release_date": "2025-08-02T11:13:04+00:00", "generator": { "date": "2025-08-02T11:13:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3916", "initial_release_date": "2019-11-19T15:56:26+00:00", "revision_history": [ { "date": "2019-11-19T15:56:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-11-19T15:56:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, 
"product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4", "product": { "name": "Red Hat OpenShift Container Platform 4", "product_id": "Red Hat OpenShift Container Platform 4", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.2" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Intel" ] }, { "names": [ "Deepak Gupta" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-12207", "cwe": { "id": "CWE-226", "name": "Sensitive Information in Resource Not Removed Before Reuse" }, "discovery_date": "2018-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1646768" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU\u0027s local cache and system software\u0027s Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.\r\n\r\nSystem software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor\u0027s Memory Management Unit (MMU) uses Paging structure entries to translate program\u0027s virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). 
TLB has two parts, one for instructions and other for data addresses.\r\n\r\nSystem software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor\u0027s TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.", "title": "Vulnerability description" }, { "category": "summary", "text": "hw: Machine Check Error on Page Size Change (IFU)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift Container Platform 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12207" }, { "category": "external", "summary": "RHBZ#1646768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646768" }, { "category": "external", "summary": "RHSB-ifu-page-mce", "url": "https://access.redhat.com/security/vulnerabilities/ifu-page-mce" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12207", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12207", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12207" }, { "category": "external", "summary": 
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html" } ], "release_date": "2019-11-12T18:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-19T15:56:26+00:00", "details": "See the following documentation, which will be updated shortly for release 4.2.5, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html", "product_ids": [ "Red Hat OpenShift Container Platform 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "category": "workaround", "details": "For mitigation related information, please refer to the Red Hat vulnerability article: https://access.redhat.com/security/vulnerabilities/ifu-page-mce .", "product_ids": [ "Red Hat OpenShift Container Platform 4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat OpenShift Container Platform 4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hw: Machine Check Error on Page Size Change (IFU)" }, { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." 
} ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. 
Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift Container Platform 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-19T15:56:26+00:00", "details": "See the following documentation, which will be updated shortly for release 4.2.5, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata 
update:\n\nhttps://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html", "product_ids": [ "Red Hat OpenShift Container Platform 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "Red Hat OpenShift Container Platform 4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat OpenShift Container Platform 4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2020:0388
Vulnerability from csaf_redhat
Published
2020-02-04 12:56
Modified
2025-08-02 11:14
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0388", "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0388.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:14:05+00:00", "generator": { "date": "2025-08-02T11:14:05+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2020:0388", "initial_release_date": "2020-02-04T12:56:00+00:00", "revision_history": [ { "date": "2020-02-04T12:56:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-04T12:56:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:14:05+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product": { "name": "Red Hat Enterprise Linux BaseOS E4S (v. 
8.0)", "product_id": "BaseOS-8.0.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:8.0::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "product": { "name": "sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "product_id": "sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-4.el8_0.2?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "product": { "name": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "product_id": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debugsource@1.8.25p1-4.el8_0.2?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "product": { "name": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "product_id": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.25p1-4.el8_0.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-4.el8_0.2.x86_64", "product": { "name": "sudo-0:1.8.25p1-4.el8_0.2.x86_64", "product_id": "sudo-0:1.8.25p1-4.el8_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-4.el8_0.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64", "product": { "name": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64", "product_id": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debugsource@1.8.25p1-4.el8_0.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "product": { "name": 
"sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "product_id": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.25p1-4.el8_0.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.25p1-4.el8_0.2.src", "product": { "name": "sudo-0:1.8.25p1-4.el8_0.2.src", "product_id": "sudo-0:1.8.25p1-4.el8_0.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.25p1-4.el8_0.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-4.el8_0.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.ppc64le" }, "product_reference": "sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-4.el8_0.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.src" }, "product_reference": "sudo-0:1.8.25p1-4.el8_0.2.src", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.25p1-4.el8_0.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.x86_64" }, "product_reference": "sudo-0:1.8.25p1-4.el8_0.2.x86_64", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 
8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le" }, "product_reference": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)", "product_id": "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64" }, "product_reference": "sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64", "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.src", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", 
"BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-04T12:56:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.src", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). 
In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.src", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.src", "BaseOS-8.0.0.Z.E4S:sudo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debuginfo-0:1.8.25p1-4.el8_0.2.x86_64", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.ppc64le", "BaseOS-8.0.0.Z.E4S:sudo-debugsource-0:1.8.25p1-4.el8_0.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: 
Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3219
Vulnerability from csaf_redhat
Published
2019-10-29 12:28
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3219", "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3219.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:13:04+00:00", "generator": { "date": "2025-08-02T11:13:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3219", "initial_release_date": "2019-10-29T12:28:12+00:00", "revision_history": [ { "date": "2019-10-29T12:28:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-29T12:28:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 
7.3)", "product_id": "7Server-7.3.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.3::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.3)", "product_id": "7Server-optional-7.3.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.3::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:7.3::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:7.3::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)", "product_id": "7Server-7.3.TUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_tus:7.3::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server Optional TUS (v. 
7.3)", "product_id": "7Server-optional-7.3.TUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_tus:7.3::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "product": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "product_id": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p7-23.el7_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "product_id": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p7-23.el7_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "product": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "product_id": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p7-23.el7_3.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "product": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "product_id": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p7-23.el7_3.2?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "product": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "product_id": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p7-23.el7_3.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p7-23.el7_3.2.src", "product": { "name": 
"sudo-0:1.8.6p7-23.el7_3.2.src", "product_id": "sudo-0:1.8.6p7-23.el7_3.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p7-23.el7_3.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "product": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "product_id": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p7-23.el7_3.2?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "product": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "product_id": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p7-23.el7_3.2?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "product": { "name": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "product_id": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p7-23.el7_3.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)", "product_id": "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.src", "relates_to_product_reference": "7Server-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.3)", "product_id": "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)", "product_id": "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)", "product_id": "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)", "product_id": "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)", "product_id": "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 
7.3)", "product_id": "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.src", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 
7.3)", "product_id": "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)", "product_id": "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)", "product_id": "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.src", "relates_to_product_reference": "7Server-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 
7.3)", "product_id": "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)", "product_id": "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)", "product_id": "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)", "product_id": "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)", "product_id": "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.3)", "product_id": "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.src", "relates_to_product_reference": "7Server-optional-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)", "product_id": "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)", "product_id": "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-optional-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)", "product_id": "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.3)", "product_id": "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-optional-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.3)", "product_id": "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.src as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.src", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 
7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.3)", "product_id": "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 
7.3)", "product_id": "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.src", "relates_to_product_reference": "7Server-optional-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)", "product_id": "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)", "product_id": "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-optional-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)", "product_id": "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.3)", "product_id": "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "relates_to_product_reference": "7Server-optional-7.3.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 
7.3)", "product_id": "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "relates_to_product_reference": "7Server-optional-7.3.TUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. 
Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", 
"7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": 
"external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-29T12:28:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", 
"7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). In this example, the \"root\" user is specified by name. 
The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", 
"7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", 
"7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.AUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.AUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.AUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.E4S:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.ppc64le", "7Server-optional-7.3.E4S:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.src", "7Server-optional-7.3.TUS:sudo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.i686", 
"7Server-optional-7.3.TUS:sudo-debuginfo-0:1.8.6p7-23.el7_3.2.x86_64", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.i686", "7Server-optional-7.3.TUS:sudo-devel-0:1.8.6p7-23.el7_3.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3941
Vulnerability from csaf_redhat
Published
2019-11-21 09:55
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.1.24 machine-os-content-container security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS.
Security Fix(es):
* A flaw was found in the way Intel CPUs handle inconsistency between virtual-to-physical memory address translations in the CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.
System software such as an OS or Virtual Machine Monitor (VMM) uses a virtual memory system for storing program instructions and data in memory. The virtual memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate a program's virtual memory addresses to physical memory addresses. The processor stores these address translations in its local cache buffer, called the Translation Lookaside Buffer (TLB). The TLB has two parts, one for instructions and the other for data addresses.
System software can modify its Paging structure entries to change address mappings or certain attributes such as page size. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual-to-physical address translation from the Instruction TLB (ITLB). This accesses an invalid physical memory address and halts the processor due to the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207)
* A flaw was found in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow users to run a command as any user except root, this flaw can be used by an attacker to bypass that restriction. (CVE-2019-14287)
* An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local user could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC, and other network link settings without any authorization, giving them control of the network names resolution process and causing the system to communicate with wrong or malicious servers. (CVE-2019-15718)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS.\n\nSecurity Fix(es):\n\n* A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU\u0027s local cache and system software\u0027s Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.\n\nSystem software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor\u0027s Memory Management Unit (MMU) uses Paging structure entries to translate program\u0027s virtual memory addresses to physical memory addresses. 
The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses.\n\nSystem software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor\u0027s TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207)\n\n* A flaw was found in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow users to run a command as any user except root, this flaw can be used by an attacker to bypass that restriction. (CVE-2019-14287)\n\n* An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local user could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC, and other network link settings without any authorization, giving them control of the network names resolution process and causing the system to communicate with wrong or malicious servers. 
(CVE-2019-15718)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3941", "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/ifu-page-mce", "url": "https://access.redhat.com/security/vulnerabilities/ifu-page-mce" }, { "category": "external", "summary": "1646768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646768" }, { "category": "external", "summary": "1746057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746057" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3941.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.1.24 
machine-os-content-container security update", "tracking": { "current_release_date": "2025-08-02T11:13:29+00:00", "generator": { "date": "2025-08-02T11:13:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3941", "initial_release_date": "2019-11-21T09:55:18+00:00", "revision_history": [ { "date": "2019-11-21T09:55:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-11-21T09:55:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4", "product": { "name": "Red Hat OpenShift Container Platform 4", "product_id": "Red Hat OpenShift Container Platform 4", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.1" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Intel" ] }, { "names": [ "Deepak Gupta" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-12207", "cwe": { "id": "CWE-226", "name": "Sensitive Information in Resource Not Removed Before Reuse" }, "discovery_date": "2018-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1646768" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU\u0027s local cache and system software\u0027s Paging structure entries. 
A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.\r\n\r\nSystem software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor\u0027s Memory Management Unit (MMU) uses Paging structure entries to translate program\u0027s virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses.\r\n\r\nSystem software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor\u0027s TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). 
Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.", "title": "Vulnerability description" }, { "category": "summary", "text": "hw: Machine Check Error on Page Size Change (IFU)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift Container Platform 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12207" }, { "category": "external", "summary": "RHBZ#1646768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646768" }, { "category": "external", "summary": "RHSB-ifu-page-mce", "url": "https://access.redhat.com/security/vulnerabilities/ifu-page-mce" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12207", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12207", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12207" }, { "category": "external", "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html" } ], "release_date": "2019-11-12T18:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-21T09:55:18+00:00", "details": "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.24, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous 
errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", "product_ids": [ "Red Hat OpenShift Container Platform 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "category": "workaround", "details": "For mitigation related information, please refer to the Red Hat vulnerability article: https://access.redhat.com/security/vulnerabilities/ifu-page-mce .", "product_ids": [ "Red Hat OpenShift Container Platform 4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat OpenShift Container Platform 4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hw: Machine Check Error on Page Size Change (IFU)" }, { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift Container Platform 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-21T09:55:18+00:00", "details": "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.24, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", "product_ids": [ "Red Hat OpenShift Container Platform 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "Red Hat OpenShift Container Platform 4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat OpenShift Container Platform 4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" }, { "cve": "CVE-2019-15718", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2019-08-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1746057" } ], "notes": [ { "category": "description", "text": "An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. 
An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC and other network link settings without any authorization, allowing control of the network names resolution process and cause the system to communicate with wrong or malicious servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "systemd: systemd-resolved allows unprivileged users to configure DNS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as the shipped systemd-resolved does not provide any privileged DBus method.\nThis issue does affect the versions of systemd as shipped with Red Hat Enterprise Linux 8, however the systemd-resolved service is not enabled by default, so the flaw cannot be exploited unless the service was manually enabled.\n\nThe flaw was rated as Moderate as it requires a local attacker and changing the DNS servers cannot compromise the system by itself, though it could be used for phishing attacks or to redirect the users to malicious websites. Moreover, on Red Hat Enterprise Linux 8 systemd-resolved needs to be manually enabled by an administrator to make the system vulnerable.\n\nOpenShift Container Platform 4 includes a vulnerable version of systemd on RHEL CoreOS nodes. However, the systemd-resolved service is removed from RHEL CoreOS instances, making this vulnerability not exploitable. 
This flaw is rated Low for OpenShift Container Platform 4.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift Container Platform 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15718" }, { "category": "external", "summary": "RHBZ#1746057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746057" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15718", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15718" } ], "release_date": "2019-09-03T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-21T09:55:18+00:00", "details": "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.24, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", "product_ids": [ "Red Hat OpenShift Container Platform 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "category": "workaround", "details": "Disable systemd-resolved service by using `sudo systemctl disable systemd-resolved`.", "product_ids": [ "Red Hat OpenShift Container Platform 4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat OpenShift Container Platform 4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "systemd: systemd-resolved allows unprivileged users to configure DNS" } ] }
rhsa-2019:3209
Vulnerability from csaf_redhat
Published
2019-10-28 18:05
Modified
2025-08-02 11:12
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3209", "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3209.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:12:45+00:00", "generator": { "date": "2025-08-02T11:12:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3209", "initial_release_date": "2019-10-28T18:05:22+00:00", "revision_history": [ { "date": "2019-10-28T18:05:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-28T18:05:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:12:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 
7.4)", "product_id": "7Server-7.4.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.4::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.4)", "product": { "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.4)", "product_id": "7Server-optional-7.4.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.4::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)", "product": { "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product": { "name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)", "product": { "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)", "product_id": "7Server-7.4.TUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_tus:7.4::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.4)", "product": { "name": "Red Hat Enterprise Linux Server Optional TUS (v. 
7.4)", "product_id": "7Server-optional-7.4.TUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_tus:7.4::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "product": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "product_id": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.19p2-12.el7_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "product_id": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.19p2-12.el7_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "product": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "product_id": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.19p2-12.el7_4.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "product": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "product_id": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.19p2-12.el7_4.1?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "product": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "product_id": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.19p2-12.el7_4.1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.19p2-12.el7_4.1.src", 
"product": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src", "product_id": "sudo-0:1.8.19p2-12.el7_4.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.19p2-12.el7_4.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "product": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "product_id": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.19p2-12.el7_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "product": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "product_id": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.19p2-12.el7_4.1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "product": { "name": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "product_id": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.19p2-12.el7_4.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)", "product_id": "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.src", "relates_to_product_reference": "7Server-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.4)", "product_id": "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)", "product_id": "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)", "product_id": "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)", "product_id": "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)", "product_id": "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 
7.4)", "product_id": "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.src", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 
7.4)", "product_id": "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)", "product_id": "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)", "product_id": "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.src", "relates_to_product_reference": "7Server-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 
7.4)", "product_id": "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)", "product_id": "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)", "product_id": "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)", "product_id": "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)", "product_id": "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.4)", "product_id": "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.src", "relates_to_product_reference": "7Server-optional-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)", "product_id": "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)", "product_id": "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-optional-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)", "product_id": "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)", "product_id": "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-optional-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.4)", "product_id": "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.src", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 
7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)", "product_id": "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 
7.4)", "product_id": "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.src", "relates_to_product_reference": "7Server-optional-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)", "product_id": "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)", "product_id": "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-optional-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)", "product_id": "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)", "product_id": "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "relates_to_product_reference": "7Server-optional-7.4.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 
7.4)", "product_id": "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "relates_to_product_reference": "7Server-optional-7.4.TUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. 
Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", 
"7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-28T18:05:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", 
"7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). In this example, the \"root\" user is specified by name. 
The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", 
"7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", 
"7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.AUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.AUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.E4S:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.ppc64le", "7Server-optional-7.4.E4S:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.src", "7Server-optional-7.4.TUS:sudo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.i686", 
"7Server-optional-7.4.TUS:sudo-debuginfo-0:1.8.19p2-12.el7_4.1.x86_64", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.i686", "7Server-optional-7.4.TUS:sudo-devel-0:1.8.19p2-12.el7_4.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhba-2019:3248
Vulnerability from csaf_redhat
Published: 2019-10-30 09:45
Modified: 2025-08-02 11:07
Summary: Red Hat Bug Fix Advisory: redhat-virtualization-host security update
Notes
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2019:3248", "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "category": "external", "summary": "1761720", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1761720" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_3248.json" } ], "title": "Red Hat Bug Fix Advisory: redhat-virtualization-host security update", "tracking": { "current_release_date": "2025-08-02T11:07:50+00:00", "generator": { "date": "2025-08-02T11:07:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHBA-2019:3248", "initial_release_date": "2019-10-30T09:45:18+00:00", "revision_history": [ { "date": "2019-10-30T09:45:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-30T09:45:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:07:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product": { "name": "Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } }, { "category": "product_name", "name": "RHEL 7-based RHEV-H for RHEV 4.2 (build requirements)", "product": { "name": "RHEL 7-based 
RHEV-H for RHEV 4.2 (build requirements)", "product_id": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "product": { "name": "redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "product_id": "redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host@4.2-20191022.0.el7_6?arch=src" } } }, { "category": "product_version", "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.src", "product": { "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.src", "product_id": "redhat-release-virtualization-host-0:4.2-15.1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-15.1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "product": { "name": "redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "product_id": "redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.2-20191022.0.el7_6?arch=noarch" } } }, { "category": "product_version", "name": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "product": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "product_id": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.2-15.1.el7?arch=noarch" } } } ], "category": 
"architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "product": { "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "product_id": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.2-15.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "product": { "name": "redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "product_id": "redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host-content@4.2-15.1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.src as a component of Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src" }, "product_reference": "redhat-release-virtualization-host-0:4.2-15.1.el7.src", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64 as a component of Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64" }, "product_reference": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus" }, { "category": "default_component_of", "full_product_name": { "name": 
"redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64 as a component of Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64" }, "product_reference": "redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-0:4.2-20191022.0.el7_6.src as a component of Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src" }, "product_reference": "redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch as a component of Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch" }, "product_reference": "redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch as a component of Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS", "product_id": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" }, "product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus" }, { "category": "default_component_of", "full_product_name": { 
"name": "redhat-release-virtualization-host-0:4.2-15.1.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4.2 (build requirements)", "product_id": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src" }, "product_reference": "redhat-release-virtualization-host-0:4.2-15.1.el7.src", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4.2 (build requirements)", "product_id": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64" }, "product_reference": "redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4.2 (build requirements)", "product_id": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64" }, "product_reference": "redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4.2 (build requirements)", "product_id": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" }, "product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "relates_to_product_reference": "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-1125", "cwe": { 
"id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1724389" } ], "notes": [ { "category": "description", "text": "A Spectre gadget was found in the Linux kernel\u0027s implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: hw: Spectre SWAPGS gadget vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", 
"7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-1125" }, { "category": "external", "summary": "RHBZ#1724389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724389" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1125", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1125", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1125" } ], "release_date": "2019-08-06T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-30T09:45:18+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", 
"7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "category": "workaround", "details": "For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821", "product_ids": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", 
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: hw: Spectre SWAPGS gadget vulnerability" }, { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which a sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run; this flaw does NOT allow the user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", 
"7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-30T09:45:18+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", 
"7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-0:4.2-20191022.0.el7_6.src", 
"7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-0:4.2-20191022.0.el7_6.noarch", "7Server-7.6.EUS-RHV-4.2-Hypervisor-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.src", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-release-virtualization-host-content-0:4.2-15.1.el7.x86_64", "7Server-7.6.EUS-RHV-4.2-HypervisorBuild-eus:redhat-virtualization-host-image-update-placeholder-0:4.2-15.1.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3197
Vulnerability from csaf_redhat
Published
2019-10-24 21:38
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3197", "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3197.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:13:06+00:00", "generator": { "date": "2025-08-02T11:13:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3197", "initial_release_date": "2019-10-24T21:38:27+00:00", "revision_history": [ { "date": "2019-10-24T21:38:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-24T21:38:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client (v. 
7)", "product_id": "7Client-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 
7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.23-4.el7_7.1.x86_64", "product": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64", "product_id": "sudo-0:1.8.23-4.el7_7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-4.el7_7.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "product_id": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.23-4.el7_7.1.src", "product": { "name": "sudo-0:1.8.23-4.el7_7.1.src", "product_id": "sudo-0:1.8.23-4.el7_7.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-4.el7_7.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "product_id": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "product": { 
"name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.23-4.el7_7.1.s390x", "product": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x", "product_id": "sudo-0:1.8.23-4.el7_7.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-4.el7_7.1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "product": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "product_id": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.23-4.el7_7.1.ppc64", "product": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64", "product_id": "sudo-0:1.8.23-4.el7_7.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-4.el7_7.1?arch=ppc64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "product": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=ppc64" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "product_id": 
"sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "product": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "product_id": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-4.el7_7.1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "product": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "product_id": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "product_id": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=s390" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "product": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "product": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", 
"product_id": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-4.el7_7.1?arch=ppc" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "product": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "product_id": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-4.el7_7.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux Client (v. 
7)", "product_id": "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 
7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Client (v. 
7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 
7)", "product_id": "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Client-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 
7)", "product_id": "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 
7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 
7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Client-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Server-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Server-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Workstation-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 
7)", "product_id": "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.src", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 
7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 
7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.i686", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 
7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.7.Z" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", 
"7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", 
"7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", 
"7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", 
"7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", 
"7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-24T21:38:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", 
"7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", 
"7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", 
"7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", 
"7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", 
"7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. 
The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", 
"7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", 
"7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", 
"7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", 
"7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Client-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", 
"7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Client-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7ComputeNode-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", 
"7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7ComputeNode-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", 
"7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Server-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Server-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", 
"7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.src", "7Workstation-optional-7.7.Z:sudo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-debuginfo-0:1.8.23-4.el7_7.1.x86_64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.i686", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.ppc64le", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.s390x", "7Workstation-optional-7.7.Z:sudo-devel-0:1.8.23-4.el7_7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:4191
Vulnerability from csaf_redhat
Published
2019-12-10 15:34
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:4191", "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4191.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:13:25+00:00", "generator": { "date": "2025-08-02T11:13:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:4191", "initial_release_date": "2019-12-10T15:34:35+00:00", "revision_history": [ { "date": "2019-12-10T15:34:35+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-12-10T15:34:35+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 5 ELS)", "product": { "name": "Red Hat Enterprise Linux Server (v. 
5 ELS)", "product_id": "5Server-ELS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_els:5" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.7.2p1-31.el5_11.1.s390x", "product": { "name": "sudo-0:1.7.2p1-31.el5_11.1.s390x", "product_id": "sudo-0:1.7.2p1-31.el5_11.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.7.2p1-31.el5_11.1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "product": { "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "product_id": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.7.2p1-31.el5_11.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.7.2p1-31.el5_11.1.i386", "product": { "name": "sudo-0:1.7.2p1-31.el5_11.1.i386", "product_id": "sudo-0:1.7.2p1-31.el5_11.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.7.2p1-31.el5_11.1?arch=i386" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "product": { "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "product_id": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.7.2p1-31.el5_11.1?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.7.2p1-31.el5_11.1.x86_64", "product": { "name": "sudo-0:1.7.2p1-31.el5_11.1.x86_64", "product_id": "sudo-0:1.7.2p1-31.el5_11.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.7.2p1-31.el5_11.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64", "product": { "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64", 
"product_id": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.7.2p1-31.el5_11.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.7.2p1-31.el5_11.1.src", "product": { "name": "sudo-0:1.7.2p1-31.el5_11.1.src", "product_id": "sudo-0:1.7.2p1-31.el5_11.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.7.2p1-31.el5_11.1?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.7.2p1-31.el5_11.1.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)", "product_id": "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.i386" }, "product_reference": "sudo-0:1.7.2p1-31.el5_11.1.i386", "relates_to_product_reference": "5Server-ELS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.7.2p1-31.el5_11.1.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)", "product_id": "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.s390x" }, "product_reference": "sudo-0:1.7.2p1-31.el5_11.1.s390x", "relates_to_product_reference": "5Server-ELS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.7.2p1-31.el5_11.1.src as a component of Red Hat Enterprise Linux Server (v. 5 ELS)", "product_id": "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.src" }, "product_reference": "sudo-0:1.7.2p1-31.el5_11.1.src", "relates_to_product_reference": "5Server-ELS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.7.2p1-31.el5_11.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 
5 ELS)", "product_id": "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.x86_64" }, "product_reference": "sudo-0:1.7.2p1-31.el5_11.1.x86_64", "relates_to_product_reference": "5Server-ELS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)", "product_id": "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386" }, "product_reference": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "relates_to_product_reference": "5Server-ELS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)", "product_id": "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "relates_to_product_reference": "5Server-ELS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)", "product_id": "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64", "relates_to_product_reference": "5Server-ELS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.src", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.x86_64", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", 
"5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-10T15:34:35+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.src", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.x86_64", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. 
The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.src", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.x86_64", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.src", "5Server-ELS:sudo-0:1.7.2p1-31.el5_11.1.x86_64", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.i386", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.s390x", "5Server-ELS:sudo-debuginfo-0:1.7.2p1-31.el5_11.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3755
Vulnerability from csaf_redhat
Published
2019-11-06 17:28
Modified
2025-08-02 11:12
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3755", "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3755.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:12:41+00:00", "generator": { "date": "2025-08-02T11:12:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3755", "initial_release_date": "2019-11-06T17:28:28+00:00", "revision_history": [ { "date": "2019-11-06T17:28:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-11-06T17:28:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:12:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 
6)", "product_id": "6Client-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 
6)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-29.el6_10.2.i686", "product": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686", "product_id": "sudo-0:1.8.6p3-29.el6_10.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-29.el6_10.2?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "product": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "product_id": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-29.el6_10.2?arch=i686" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "product": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "product_id": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-29.el6_10.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "product": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "product_id": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-29.el6_10.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "product_id": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-29.el6_10.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", 
"product": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "product_id": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-29.el6_10.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-29.el6_10.2.src", "product": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src", "product_id": "sudo-0:1.8.6p3-29.el6_10.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-29.el6_10.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "product": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "product_id": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-29.el6_10.2?arch=s390x" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "product": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "product_id": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-29.el6_10.2?arch=s390x" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "product": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "product_id": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-29.el6_10.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "product": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "product_id": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-29.el6_10.2?arch=ppc64" } } }, { "category": "product_version", "name": 
"sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "product": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "product_id": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-29.el6_10.2?arch=ppc64" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "product": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "product_id": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-29.el6_10.2?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "product": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "product_id": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-29.el6_10.2?arch=s390" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "product": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "product_id": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-29.el6_10.2?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "product": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "product_id": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-29.el6_10.2?arch=ppc" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "product": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "product_id": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-29.el6_10.2?arch=ppc" } } } ], "category": 
"architecture", "name": "ppc" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 
6)", "product_id": "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
6)", "product_id": "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 
6)", "product_id": "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 
6)", "product_id": "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 
6)", "product_id": "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 
6)", "product_id": "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 
6)", "product_id": "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 
6)", "product_id": "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 
6)", "product_id": "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 
6)", "product_id": "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6ComputeNode-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 
6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 
6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 
6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 
6)", "product_id": "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 
6)", "product_id": "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Workstation (v. 
6)", "product_id": "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 
6)", "product_id": "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.src", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 
6)", "product_id": "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 
6)", "product_id": "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 
6)", "product_id": "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "relates_to_product_reference": "6Workstation-optional-6.10.z" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which a sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", 
"6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", 
"6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", 
"6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", 
"6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", 
"6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-06T17:28:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", 
"6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", 
"6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", 
"6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", 
"6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", 
"6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The simplest example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", 
"6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", 
"6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", 
"6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", 
"6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", 
"6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Client-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Client-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", 
"6ComputeNode-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6ComputeNode-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6ComputeNode-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", 
"6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Server-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Server-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", 
"6Workstation-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.src", "6Workstation-optional-6.10.z:sudo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.s390x", "6Workstation-optional-6.10.z:sudo-debuginfo-0:1.8.6p3-29.el6_10.2.x86_64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.i686", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.ppc64", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390", "6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.s390x", 
"6Workstation-optional-6.10.z:sudo-devel-0:1.8.6p3-29.el6_10.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3895
Vulnerability from csaf_redhat
Published
2019-11-18 12:30
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3895", "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3895.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:13:45+00:00", "generator": { "date": "2025-08-02T11:13:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3895", "initial_release_date": "2019-11-18T12:30:00+00:00", "revision_history": [ { "date": "2019-11-18T12:30:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-11-18T12:30:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 6.5)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 
6.5)", "product_id": "6Server-6.5.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:6.5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product": { "name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product_id": "6Server-optional-6.5.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:6.5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-12.el6_5.2.x86_64", "product": { "name": "sudo-0:1.8.6p3-12.el6_5.2.x86_64", "product_id": "sudo-0:1.8.6p3-12.el6_5.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-12.el6_5.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "product_id": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-12.el6_5.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "product": { "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "product_id": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-12.el6_5.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-12.el6_5.2.src", "product": { "name": "sudo-0:1.8.6p3-12.el6_5.2.src", "product_id": "sudo-0:1.8.6p3-12.el6_5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-12.el6_5.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "product": { "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "product_id": 
"sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-12.el6_5.2?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "product": { "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "product_id": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-12.el6_5.2?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-12.el6_5.2.src as a component of Red Hat Enterprise Linux Server AUS (v. 6.5)", "product_id": "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src" }, "product_reference": "sudo-0:1.8.6p3-12.el6_5.2.src", "relates_to_product_reference": "6Server-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-12.el6_5.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.5)", "product_id": "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-12.el6_5.2.x86_64", "relates_to_product_reference": "6Server-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.5)", "product_id": "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "relates_to_product_reference": "6Server-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
6.5)", "product_id": "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "relates_to_product_reference": "6Server-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.5)", "product_id": "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "relates_to_product_reference": "6Server-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.5)", "product_id": "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "relates_to_product_reference": "6Server-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-12.el6_5.2.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product_id": "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src" }, "product_reference": "sudo-0:1.8.6p3-12.el6_5.2.src", "relates_to_product_reference": "6Server-optional-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-12.el6_5.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product_id": "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-12.el6_5.2.x86_64", "relates_to_product_reference": "6Server-optional-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
6.5)", "product_id": "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "relates_to_product_reference": "6Server-optional-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product_id": "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "relates_to_product_reference": "6Server-optional-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product_id": "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "relates_to_product_reference": "6Server-optional-6.5.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.5)", "product_id": "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "relates_to_product_reference": "6Server-optional-6.5.AUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", 
"6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-18T12:30:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", 
"6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.src", "6Server-optional-6.5.AUS:sudo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-debuginfo-0:1.8.6p3-12.el6_5.2.x86_64", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.i686", "6Server-optional-6.5.AUS:sudo-devel-0:1.8.6p3-12.el6_5.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": 
"Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3754
Vulnerability from csaf_redhat
Published
2019-11-06 16:45
Modified
2025-08-02 11:13
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3754", "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3754.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:13:31+00:00", "generator": { "date": "2025-08-02T11:13:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3754", "initial_release_date": "2019-11-06T16:45:55+00:00", "revision_history": [ { "date": "2019-11-06T16:45:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-11-06T16:45:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:13:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 6.6)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 
6.6)", "product_id": "6Server-6.6.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:6.6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product": { "name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product_id": "6Server-optional-6.6.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:6.6::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "product": { "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "product_id": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-15.el6_6.2?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "product": { "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "product_id": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-15.el6_6.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "product": { "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "product_id": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p3-15.el6_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "product_id": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p3-15.el6_6.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-0:1.8.6p3-15.el6_6.2.x86_64", "product": { "name": "sudo-0:1.8.6p3-15.el6_6.2.x86_64", "product_id": 
"sudo-0:1.8.6p3-15.el6_6.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-15.el6_6.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p3-15.el6_6.2.src", "product": { "name": "sudo-0:1.8.6p3-15.el6_6.2.src", "product_id": "sudo-0:1.8.6p3-15.el6_6.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p3-15.el6_6.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-15.el6_6.2.src as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)", "product_id": "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src" }, "product_reference": "sudo-0:1.8.6p3-15.el6_6.2.src", "relates_to_product_reference": "6Server-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-15.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)", "product_id": "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-15.el6_6.2.x86_64", "relates_to_product_reference": "6Server-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)", "product_id": "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "relates_to_product_reference": "6Server-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
6.6)", "product_id": "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "relates_to_product_reference": "6Server-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)", "product_id": "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "relates_to_product_reference": "6Server-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)", "product_id": "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "relates_to_product_reference": "6Server-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-15.el6_6.2.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product_id": "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src" }, "product_reference": "sudo-0:1.8.6p3-15.el6_6.2.src", "relates_to_product_reference": "6Server-optional-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p3-15.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product_id": "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64" }, "product_reference": "sudo-0:1.8.6p3-15.el6_6.2.x86_64", "relates_to_product_reference": "6Server-optional-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
6.6)", "product_id": "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "relates_to_product_reference": "6Server-optional-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product_id": "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "relates_to_product_reference": "6Server-optional-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product_id": "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "relates_to_product_reference": "6Server-optional-6.6.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)", "product_id": "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "relates_to_product_reference": "6Server-optional-6.6.AUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which a sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", 
"6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-06T16:45:55+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", 
"6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.src", "6Server-optional-6.6.AUS:sudo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-debuginfo-0:1.8.6p3-15.el6_6.2.x86_64", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.i686", "6Server-optional-6.6.AUS:sudo-devel-0:1.8.6p3-15.el6_6.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": 
"Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3205
Vulnerability from csaf_redhat
Published
2019-10-24 21:33
Modified
2025-08-02 11:12
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3205", "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3205.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:12:11+00:00", "generator": { "date": "2025-08-02T11:12:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3205", "initial_release_date": "2019-10-24T21:33:51+00:00", "revision_history": [ { "date": "2019-10-24T21:33:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-21T16:27:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:12:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product": { "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 
7.6)", "product_id": "7ComputeNode-7.6.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product": { "name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7)", "product_id": "7Server-optional-Alt-7.6-EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.6::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "product_id": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-0:1.8.23-3.el7_6.1.x86_64", "product": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64", "product_id": "sudo-0:1.8.23-3.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-3.el7_6.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "product_id": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", 
"product_id": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=s390x" } } }, { "category": "product_version", "name": "sudo-0:1.8.23-3.el7_6.1.s390x", "product": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x", "product_id": "sudo-0:1.8.23-3.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-3.el7_6.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "product_id": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=s390" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "product_id": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=ppc64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=ppc64" } } }, { "category": "product_version", "name": "sudo-0:1.8.23-3.el7_6.1.ppc64", "product": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64", "product_id": "sudo-0:1.8.23-3.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-3.el7_6.1?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "product_id": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=ppc" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "product": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "product_id": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.23-3.el7_6.1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "product": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "product_id": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.23-3.el7_6.1?arch=ppc64le" } } }, { "category": "product_version", "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "product": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "product_id": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/sudo@1.8.23-3.el7_6.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.23-3.el7_6.1.src", "product": { "name": "sudo-0:1.8.23-3.el7_6.1.src", "product_id": "sudo-0:1.8.23-3.el7_6.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.23-3.el7_6.1?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 
7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.src", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 
7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 
7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 
7.6)", "product_id": "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.src", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6)", "product_id": "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.src as a component of Red Hat Enterprise Linux Server EUS (v. 
7.6)", "product_id": "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.src", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 
7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 
7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 
7.6)", "product_id": "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.src", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 
7)", "product_id": "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 
7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 
7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.src", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.6)", "product_id": "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.src", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6-EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. 
However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", 
"7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", 
"7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", 
"7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", 
"7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-24T21:33:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", 
"7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", 
"7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", 
"7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", 
"7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", 
"7ComputeNode-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", 
"7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-optional-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-7.6.EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64", 
"7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.src", "7Server-optional-Alt-7.6-EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.i686", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-debuginfo-0:1.8.23-3.el7_6.1.x86_64", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.i686", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.ppc64le", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.s390x", "7Server-optional-Alt-7.6-EUS:sudo-devel-0:1.8.23-3.el7_6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.ppc64le", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.s390x", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.src", "7ComputeNode-7.6.EUS:sudo-0:1.8.23-3.el7_6.1.x86_64", 
rhsa-2019:3204
Vulnerability from csaf_redhat
Published
2019-10-24 21:27
Modified
2025-08-02 11:12
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
7.5)", "product_id": "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "relates_to_product_reference": "7Server-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "relates_to_product_reference": "7Server-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "relates_to_product_reference": "7Server-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "relates_to_product_reference": "7Server-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "relates_to_product_reference": "7Server-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-14.el7_5.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64" }, "product_reference": "sudo-0:1.8.19p2-14.el7_5.1.ppc64", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-14.el7_5.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le" }, "product_reference": "sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-14.el7_5.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x" }, "product_reference": "sudo-0:1.8.19p2-14.el7_5.1.s390x", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-14.el7_5.1.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src" }, "product_reference": "sudo-0:1.8.19p2-14.el7_5.1.src", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.19p2-14.el7_5.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64" }, "product_reference": "sudo-0:1.8.19p2-14.el7_5.1.x86_64", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.i686 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 
7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "relates_to_product_reference": "7Server-optional-7.5.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.5)", "product_id": "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64" }, "product_reference": "sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "relates_to_product_reference": "7Server-optional-7.5.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." 
} ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. 
Only the specified command can be run, this flaw does NOT allow user to run other commands than those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", 
"7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", 
"7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-24T21:27:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", 
"7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", 
"7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of 
root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", 
"7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", 
"7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7ComputeNode-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", 
"7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7ComputeNode-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64", 
"7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.src", "7Server-optional-7.5.EUS:sudo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-debuginfo-0:1.8.19p2-14.el7_5.1.x86_64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.i686", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.ppc64le", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.s390x", "7Server-optional-7.5.EUS:sudo-devel-0:1.8.19p2-14.el7_5.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
rhsa-2019:3278
Vulnerability from csaf_redhat
Published
2019-10-31 11:38
Modified
2025-08-02 11:12
Summary
Red Hat Security Advisory: sudo security update
Notes
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword (CVE-2019-14287)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3278", "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3278.json" } ], "title": "Red Hat Security Advisory: sudo security update", "tracking": { "current_release_date": "2025-08-02T11:12:28+00:00", "generator": { "date": "2025-08-02T11:12:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2019:3278", "initial_release_date": "2019-10-31T11:38:20+00:00", "revision_history": [ { "date": "2019-10-31T11:38:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-31T11:38:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T11:12:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server E4S (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server E4S (v. 7.2)", "product_id": "7Server-7.2.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.2)", "product_id": "7Server-optional-7.2.E4S", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_e4s:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server TUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server TUS (v. 7.2)", "product_id": "7Server-7.2.TUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_tus:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server Optional TUS (v. 
7.2)", "product_id": "7Server-optional-7.2.TUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_tus:7.2::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "product": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "product_id": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p7-17.el7_2.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "product": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "product_id": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p7-17.el7_2.2?arch=x86_64" } } }, { "category": "product_version", "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "product": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "product_id": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p7-17.el7_2.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "sudo-0:1.8.6p7-17.el7_2.2.src", "product": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src", "product_id": "sudo-0:1.8.6p7-17.el7_2.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo@1.8.6p7-17.el7_2.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "product": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "product_id": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-devel@1.8.6p7-17.el7_2.2?arch=i686" } } }, { "category": "product_version", "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "product": { "name": 
"sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "product_id": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/sudo-debuginfo@1.8.6p7-17.el7_2.2?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.src", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.2)", "product_id": "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.src", "relates_to_product_reference": "7Server-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.2)", "product_id": "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.2)", "product_id": "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 
7.2)", "product_id": "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.2)", "product_id": "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.2)", "product_id": "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.2)", "product_id": "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.src", "relates_to_product_reference": "7Server-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.2)", "product_id": "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 
7.2)", "product_id": "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.2)", "product_id": "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.2)", "product_id": "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.2)", "product_id": "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.src", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src as a component of Red Hat Enterprise Linux Server Optional E4S (v. 
7.2)", "product_id": "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.src", "relates_to_product_reference": "7Server-optional-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.2)", "product_id": "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.2)", "product_id": "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-optional-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.2)", "product_id": "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.2)", "product_id": "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-optional-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 
7.2)", "product_id": "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.2)", "product_id": "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.src", "relates_to_product_reference": "7Server-optional-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.2)", "product_id": "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.2)", "product_id": "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-optional-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.2)", "product_id": "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 
7.2)", "product_id": "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "relates_to_product_reference": "7Server-optional-7.2.TUS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.2)", "product_id": "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" }, "product_reference": "sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.TUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Sudo project" ] }, { "names": [ "Joe Vennix" ], "organization": "Apple Information Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-14287", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760531" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.", "title": "Vulnerability description" }, { "category": "summary", "text": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:\n\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\n\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. 
However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.\n\nAny other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.\n\nRed Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", 
"7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "RHBZ#1760531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760531" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14287", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "category": "external", "summary": "https://www.sudo.ws/alerts/minus_1_uid.html", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "release_date": "2019-10-14T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-31T11:38:20+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", 
"7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "category": "workaround", "details": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:\n\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\n\nThe exclusion is specified using an excalamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\n\nor by reference to a runas alias:\n\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\n\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. 
These can be found in the /etc/sudoers file or files under /etc/sudoers.d.", "product_ids": [ "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", 
"7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.AUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", 
"7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.AUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.E4S:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.E4S:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.src", "7Server-optional-7.2.TUS:sudo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-debuginfo-0:1.8.6p7-17.el7_2.2.x86_64", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.i686", "7Server-optional-7.2.TUS:sudo-devel-0:1.8.6p7-17.el7_2.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sudo: Privilege escalation via \u0027Runas\u0027 specification with \u0027ALL\u0027 keyword" } ] }
opensuse-su-2019:2316-1
Vulnerability from csaf_opensuse
Published
2019-10-15 04:53
Modified
2019-10-15 04:53
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo fixes the following issue:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2316
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for sudo", "title": "Title of the patch" }, { "category": "description", "text": "This update for sudo fixes the following issue:\n\n- CVE-2019-14287: Fixed an issue where a user with sudo privileges \n that allowed them to run commands with an arbitrary uid, could \n run commands as root, despite being forbidden to do so in sudoers\n (bsc#1153674).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2019-2316", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2316-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2019:2316-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5CZZAG7XSZAR6GDRIODAMMG67QVMCPCH/#5CZZAG7XSZAR6GDRIODAMMG67QVMCPCH" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2019:2316-1", "url": 
"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5CZZAG7XSZAR6GDRIODAMMG67QVMCPCH/#5CZZAG7XSZAR6GDRIODAMMG67QVMCPCH" }, { "category": "self", "summary": "SUSE Bug 1153674", "url": "https://bugzilla.suse.com/1153674" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14287 page", "url": "https://www.suse.com/security/cve/CVE-2019-14287/" } ], "title": "Security update for sudo", "tracking": { "current_release_date": "2019-10-15T04:53:54Z", "generator": { "date": "2019-10-15T04:53:54Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2019:2316-1", "initial_release_date": "2019-10-15T04:53:54Z", "revision_history": [ { "date": "2019-10-15T04:53:54Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-lp151.5.3.1.i586", "product": { "name": "sudo-1.8.22-lp151.5.3.1.i586", "product_id": "sudo-1.8.22-lp151.5.3.1.i586" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-lp151.5.3.1.i586", "product": { "name": "sudo-devel-1.8.22-lp151.5.3.1.i586", "product_id": "sudo-devel-1.8.22-lp151.5.3.1.i586" } }, { "category": "product_version", "name": "sudo-test-1.8.22-lp151.5.3.1.i586", "product": { "name": "sudo-test-1.8.22-lp151.5.3.1.i586", "product_id": "sudo-test-1.8.22-lp151.5.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-lp151.5.3.1.x86_64", "product": { "name": "sudo-1.8.22-lp151.5.3.1.x86_64", "product_id": "sudo-1.8.22-lp151.5.3.1.x86_64" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-lp151.5.3.1.x86_64", "product": { "name": "sudo-devel-1.8.22-lp151.5.3.1.x86_64", "product_id": "sudo-devel-1.8.22-lp151.5.3.1.x86_64" } }, { "category": "product_version", "name": "sudo-test-1.8.22-lp151.5.3.1.x86_64", "product": 
{ "name": "sudo-test-1.8.22-lp151.5.3.1.x86_64", "product_id": "sudo-test-1.8.22-lp151.5.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.1", "product": { "name": "openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-lp151.5.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.i586" }, "product_reference": "sudo-1.8.22-lp151.5.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.x86_64" }, "product_reference": "sudo-1.8.22-lp151.5.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-lp151.5.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.i586" }, "product_reference": "sudo-devel-1.8.22-lp151.5.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.x86_64" }, "product_reference": "sudo-devel-1.8.22-lp151.5.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.8.22-lp151.5.3.1.i586 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 
15.1:sudo-test-1.8.22-lp151.5.3.1.i586" }, "product_reference": "sudo-test-1.8.22-lp151.5.3.1.i586", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.8.22-lp151.5.3.1.x86_64 as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.x86_64" }, "product_reference": "sudo-test-1.8.22-lp151.5.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14287", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14287" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.x86_64", "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.x86_64", "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14287", "url": "https://www.suse.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "SUSE Bug 1153674 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1153674" }, { "category": "external", "summary": "SUSE Bug 1156093 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1156093" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper 
patch\".\n", "product_ids": [ "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.x86_64", "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.x86_64", "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-1.8.22-lp151.5.3.1.x86_64", "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.3.1.x86_64", "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.i586", "openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-15T04:53:54Z", "details": "moderate" } ], "title": "CVE-2019-14287" } ] }
opensuse-su-2019:2333-1
Vulnerability from csaf_opensuse
Published
2019-10-17 08:21
Modified
2019-10-17 08:21
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo fixes the following issue:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2333
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for sudo", "title": "Title of the patch" }, { "category": "description", "text": "This update for sudo fixes the following issue:\n\n- CVE-2019-14287: Fixed an issue where a user with sudo privileges \n that allowed them to run commands with an arbitrary uid, could \n run commands as root, despite being forbidden to do so in sudoers\n (bsc#1153674).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2019-2333", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2333-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2019:2333-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BSBNENZR57LOHEQOPC2JHBLICDY4PCZ5/#BSBNENZR57LOHEQOPC2JHBLICDY4PCZ5" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2019:2333-1", "url": 
"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BSBNENZR57LOHEQOPC2JHBLICDY4PCZ5/#BSBNENZR57LOHEQOPC2JHBLICDY4PCZ5" }, { "category": "self", "summary": "SUSE Bug 1153674", "url": "https://bugzilla.suse.com/1153674" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14287 page", "url": "https://www.suse.com/security/cve/CVE-2019-14287/" } ], "title": "Security update for sudo", "tracking": { "current_release_date": "2019-10-17T08:21:26Z", "generator": { "date": "2019-10-17T08:21:26Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2019:2333-1", "initial_release_date": "2019-10-17T08:21:26Z", "revision_history": [ { "date": "2019-10-17T08:21:26Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-lp150.8.1.i586", "product": { "name": "sudo-1.8.22-lp150.8.1.i586", "product_id": "sudo-1.8.22-lp150.8.1.i586" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-lp150.8.1.i586", "product": { "name": "sudo-devel-1.8.22-lp150.8.1.i586", "product_id": "sudo-devel-1.8.22-lp150.8.1.i586" } }, { "category": "product_version", "name": "sudo-test-1.8.22-lp150.8.1.i586", "product": { "name": "sudo-test-1.8.22-lp150.8.1.i586", "product_id": "sudo-test-1.8.22-lp150.8.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-lp150.8.1.x86_64", "product": { "name": "sudo-1.8.22-lp150.8.1.x86_64", "product_id": "sudo-1.8.22-lp150.8.1.x86_64" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-lp150.8.1.x86_64", "product": { "name": "sudo-devel-1.8.22-lp150.8.1.x86_64", "product_id": "sudo-devel-1.8.22-lp150.8.1.x86_64" } }, { "category": "product_version", "name": "sudo-test-1.8.22-lp150.8.1.x86_64", "product": { "name": 
"sudo-test-1.8.22-lp150.8.1.x86_64", "product_id": "sudo-test-1.8.22-lp150.8.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.0", "product": { "name": "openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.0" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-lp150.8.1.i586 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.i586" }, "product_reference": "sudo-1.8.22-lp150.8.1.i586", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-lp150.8.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.x86_64" }, "product_reference": "sudo-1.8.22-lp150.8.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-lp150.8.1.i586 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.i586" }, "product_reference": "sudo-devel-1.8.22-lp150.8.1.i586", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-lp150.8.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.x86_64" }, "product_reference": "sudo-devel-1.8.22-lp150.8.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.8.22-lp150.8.1.i586 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.i586" }, 
"product_reference": "sudo-test-1.8.22-lp150.8.1.i586", "relates_to_product_reference": "openSUSE Leap 15.0" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.8.22-lp150.8.1.x86_64 as component of openSUSE Leap 15.0", "product_id": "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.x86_64" }, "product_reference": "sudo-test-1.8.22-lp150.8.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14287", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14287" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.x86_64", "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.x86_64", "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14287", "url": "https://www.suse.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "SUSE Bug 1153674 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1153674" }, { "category": "external", "summary": "SUSE Bug 1156093 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1156093" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 
15.0:sudo-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.x86_64", "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.x86_64", "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-1.8.22-lp150.8.1.x86_64", "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-devel-1.8.22-lp150.8.1.x86_64", "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.i586", "openSUSE Leap 15.0:sudo-test-1.8.22-lp150.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-17T08:21:26Z", "details": "moderate" } ], "title": "CVE-2019-14287" } ] }
opensuse-su-2024:11413-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
sudo-1.9.7p2-1.4 on GA media
Notes
Title of the patch
sudo-1.9.7p2-1.4 on GA media
Description of the patch
These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11413
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "sudo-1.9.7p2-1.4 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-11413", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11413-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2005-4158 page", "url": "https://www.suse.com/security/cve/CVE-2005-4158/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9680 page", "url": "https://www.suse.com/security/cve/CVE-2014-9680/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7032 page", "url": "https://www.suse.com/security/cve/CVE-2016-7032/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7076 page", "url": "https://www.suse.com/security/cve/CVE-2016-7076/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-1000367 page", "url": "https://www.suse.com/security/cve/CVE-2017-1000367/" }, 
{ "category": "self", "summary": "SUSE CVE CVE-2017-1000368 page", "url": "https://www.suse.com/security/cve/CVE-2017-1000368/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14287 page", "url": "https://www.suse.com/security/cve/CVE-2019-14287/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-18634 page", "url": "https://www.suse.com/security/cve/CVE-2019-18634/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-23239 page", "url": "https://www.suse.com/security/cve/CVE-2021-23239/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-23240 page", "url": "https://www.suse.com/security/cve/CVE-2021-23240/" }, { "category": "self", "summary": "SUSE CVE CVE-2021-3156 page", "url": "https://www.suse.com/security/cve/CVE-2021-3156/" } ], "title": "sudo-1.9.7p2-1.4 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:11413-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "sudo-1.9.7p2-1.4.aarch64", "product": { "name": "sudo-1.9.7p2-1.4.aarch64", "product_id": "sudo-1.9.7p2-1.4.aarch64" } }, { "category": "product_version", "name": "sudo-devel-1.9.7p2-1.4.aarch64", "product": { "name": "sudo-devel-1.9.7p2-1.4.aarch64", "product_id": "sudo-devel-1.9.7p2-1.4.aarch64" } }, { "category": "product_version", "name": "sudo-plugin-python-1.9.7p2-1.4.aarch64", "product": { "name": "sudo-plugin-python-1.9.7p2-1.4.aarch64", "product_id": "sudo-plugin-python-1.9.7p2-1.4.aarch64" } }, { "category": "product_version", "name": "sudo-test-1.9.7p2-1.4.aarch64", "product": { "name": "sudo-test-1.9.7p2-1.4.aarch64", "product_id": 
"sudo-test-1.9.7p2-1.4.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "sudo-1.9.7p2-1.4.ppc64le", "product": { "name": "sudo-1.9.7p2-1.4.ppc64le", "product_id": "sudo-1.9.7p2-1.4.ppc64le" } }, { "category": "product_version", "name": "sudo-devel-1.9.7p2-1.4.ppc64le", "product": { "name": "sudo-devel-1.9.7p2-1.4.ppc64le", "product_id": "sudo-devel-1.9.7p2-1.4.ppc64le" } }, { "category": "product_version", "name": "sudo-plugin-python-1.9.7p2-1.4.ppc64le", "product": { "name": "sudo-plugin-python-1.9.7p2-1.4.ppc64le", "product_id": "sudo-plugin-python-1.9.7p2-1.4.ppc64le" } }, { "category": "product_version", "name": "sudo-test-1.9.7p2-1.4.ppc64le", "product": { "name": "sudo-test-1.9.7p2-1.4.ppc64le", "product_id": "sudo-test-1.9.7p2-1.4.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-1.9.7p2-1.4.s390x", "product": { "name": "sudo-1.9.7p2-1.4.s390x", "product_id": "sudo-1.9.7p2-1.4.s390x" } }, { "category": "product_version", "name": "sudo-devel-1.9.7p2-1.4.s390x", "product": { "name": "sudo-devel-1.9.7p2-1.4.s390x", "product_id": "sudo-devel-1.9.7p2-1.4.s390x" } }, { "category": "product_version", "name": "sudo-plugin-python-1.9.7p2-1.4.s390x", "product": { "name": "sudo-plugin-python-1.9.7p2-1.4.s390x", "product_id": "sudo-plugin-python-1.9.7p2-1.4.s390x" } }, { "category": "product_version", "name": "sudo-test-1.9.7p2-1.4.s390x", "product": { "name": "sudo-test-1.9.7p2-1.4.s390x", "product_id": "sudo-test-1.9.7p2-1.4.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-1.9.7p2-1.4.x86_64", "product": { "name": "sudo-1.9.7p2-1.4.x86_64", "product_id": "sudo-1.9.7p2-1.4.x86_64" } }, { "category": "product_version", "name": "sudo-devel-1.9.7p2-1.4.x86_64", "product": { "name": "sudo-devel-1.9.7p2-1.4.x86_64", "product_id": 
"sudo-devel-1.9.7p2-1.4.x86_64" } }, { "category": "product_version", "name": "sudo-plugin-python-1.9.7p2-1.4.x86_64", "product": { "name": "sudo-plugin-python-1.9.7p2-1.4.x86_64", "product_id": "sudo-plugin-python-1.9.7p2-1.4.x86_64" } }, { "category": "product_version", "name": "sudo-test-1.9.7p2-1.4.x86_64", "product": { "name": "sudo-test-1.9.7p2-1.4.x86_64", "product_id": "sudo-test-1.9.7p2-1.4.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64" }, "product_reference": "sudo-1.9.7p2-1.4.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le" }, "product_reference": "sudo-1.9.7p2-1.4.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x" }, "product_reference": "sudo-1.9.7p2-1.4.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64" }, "product_reference": "sudo-1.9.7p2-1.4.x86_64", 
"relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64" }, "product_reference": "sudo-devel-1.9.7p2-1.4.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le" }, "product_reference": "sudo-devel-1.9.7p2-1.4.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x" }, "product_reference": "sudo-devel-1.9.7p2-1.4.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64" }, "product_reference": "sudo-devel-1.9.7p2-1.4.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-plugin-python-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64" }, "product_reference": "sudo-plugin-python-1.9.7p2-1.4.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-plugin-python-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le" }, "product_reference": "sudo-plugin-python-1.9.7p2-1.4.ppc64le", "relates_to_product_reference": 
"openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-plugin-python-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x" }, "product_reference": "sudo-plugin-python-1.9.7p2-1.4.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-plugin-python-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64" }, "product_reference": "sudo-plugin-python-1.9.7p2-1.4.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64" }, "product_reference": "sudo-test-1.9.7p2-1.4.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le" }, "product_reference": "sudo-test-1.9.7p2-1.4.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x" }, "product_reference": "sudo-test-1.9.7p2-1.4.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-test-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" }, "product_reference": "sudo-test-1.9.7p2-1.4.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { 
"cve": "CVE-2005-4158", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2005-4158" } ], "notes": [ { "category": "general", "text": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2005-4158", "url": "https://www.suse.com/security/cve/CVE-2005-4158" }, { "category": "external", "summary": "SUSE Bug 140300 for CVE-2005-4158", "url": "https://bugzilla.suse.com/140300" }, { "category": "external", "summary": "SUSE Bug 145687 for CVE-2005-4158", "url": "https://bugzilla.suse.com/145687" }, { "category": "external", "summary": "SUSE Bug 159599 for CVE-2005-4158", "url": "https://bugzilla.suse.com/159599" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2005-4158" }, { "cve": "CVE-2014-9680", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9680" } ], "notes": [ { "category": "general", "text": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE 
Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9680", "url": "https://www.suse.com/security/cve/CVE-2014-9680" }, { "category": "external", "summary": "SUSE Bug 917806 for CVE-2014-9680", "url": "https://bugzilla.suse.com/917806" }, { "category": "external", "summary": "SUSE Bug 919737 for CVE-2014-9680", "url": "https://bugzilla.suse.com/919737" }, { "category": "external", "summary": "SUSE Bug 921999 for CVE-2014-9680", "url": "https://bugzilla.suse.com/921999" }, { "category": "external", "summary": "SUSE Bug 953359 for CVE-2014-9680", "url": "https://bugzilla.suse.com/953359" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE 
Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2014-9680" }, { "cve": "CVE-2016-7032", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7032" } ], "notes": [ { "category": "general", "text": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE 
Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7032", "url": "https://www.suse.com/security/cve/CVE-2016-7032" }, { "category": "external", "summary": "SUSE Bug 1007501 for CVE-2016-7032", "url": "https://bugzilla.suse.com/1007501" }, { "category": "external", "summary": "SUSE Bug 1007766 for CVE-2016-7032", "url": "https://bugzilla.suse.com/1007766" }, { "category": "external", "summary": "SUSE Bug 1011975 for CVE-2016-7032", "url": "https://bugzilla.suse.com/1011975" }, { "category": "external", "summary": "SUSE Bug 1011976 for CVE-2016-7032", "url": "https://bugzilla.suse.com/1011976" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE 
Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7032" }, { "cve": "CVE-2016-7076", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7076" } ], "notes": [ { "category": "general", "text": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user 
supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7076", "url": "https://www.suse.com/security/cve/CVE-2016-7076" }, { "category": "external", "summary": "SUSE Bug 1007501 for CVE-2016-7076", "url": "https://bugzilla.suse.com/1007501" }, { "category": "external", "summary": "SUSE Bug 1011975 for CVE-2016-7076", "url": "https://bugzilla.suse.com/1011975" }, { "category": "external", "summary": "SUSE Bug 1011976 for CVE-2016-7076", "url": "https://bugzilla.suse.com/1011976" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE 
Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7076" }, { "cve": "CVE-2017-1000367", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-1000367" } 
], "notes": [ { "category": "general", "text": "Todd Miller\u0027s sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-1000367", "url": "https://www.suse.com/security/cve/CVE-2017-1000367" }, { "category": "external", "summary": "SUSE Bug 1007501 for CVE-2017-1000367", "url": "https://bugzilla.suse.com/1007501" }, { "category": "external", "summary": "SUSE Bug 1039361 for CVE-2017-1000367", "url": "https://bugzilla.suse.com/1039361" }, { "category": "external", "summary": "SUSE Bug 1042146 for CVE-2017-1000367", "url": "https://bugzilla.suse.com/1042146" }, { "category": "external", "summary": "SUSE Bug 1077345 for CVE-2017-1000367", "url": "https://bugzilla.suse.com/1077345" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper 
patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", 
"details": "important" } ], "title": "CVE-2017-1000367" }, { "cve": "CVE-2017-1000368", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-1000368" } ], "notes": [ { "category": "general", "text": "Todd Miller\u0027s sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-1000368", "url": "https://www.suse.com/security/cve/CVE-2017-1000368" }, { "category": "external", "summary": "SUSE Bug 1039361 for CVE-2017-1000368", "url": "https://bugzilla.suse.com/1039361" }, { "category": "external", "summary": "SUSE Bug 1042146 for CVE-2017-1000368", "url": "https://bugzilla.suse.com/1042146" }, { "category": "external", "summary": "SUSE Bug 1045986 for CVE-2017-1000368", "url": "https://bugzilla.suse.com/1045986" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], 
"threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2017-1000368" }, { "cve": "CVE-2019-14287", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14287" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14287", "url": "https://www.suse.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "SUSE Bug 1153674 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1153674" }, { "category": "external", "summary": "SUSE Bug 1156093 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1156093" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", 
"openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2019-14287" }, { "cve": "CVE-2019-18634", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-18634" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-18634", "url": "https://www.suse.com/security/cve/CVE-2019-18634" }, { "category": "external", "summary": "SUSE Bug 1162202 for CVE-2019-18634", "url": "https://bugzilla.suse.com/1162202" } ], "remediations": [ { "category": 
"vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE 
Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2019-18634" }, { "cve": "CVE-2021-23239", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-23239" } ], "notes": [ { "category": "general", "text": "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-23239", "url": "https://www.suse.com/security/cve/CVE-2021-23239" }, { "category": "external", "summary": "SUSE Bug 1171722 for CVE-2021-23239", "url": "https://bugzilla.suse.com/1171722" }, { "category": "external", "summary": "SUSE Bug 1180684 for CVE-2021-23239", "url": "https://bugzilla.suse.com/1180684" } ], "remediations": [ { "category": 
"vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE 
Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2021-23239" }, { "cve": "CVE-2021-23240", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-23240" } ], "notes": [ { "category": "general", "text": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-23240", "url": "https://www.suse.com/security/cve/CVE-2021-23240" }, { "category": "external", "summary": "SUSE Bug 1171722 for CVE-2021-23240", "url": "https://bugzilla.suse.com/1171722" }, { "category": "external", "summary": "SUSE Bug 1180685 for CVE-2021-23240", "url": 
"https://bugzilla.suse.com/1180685" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE 
Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2021-23240" }, { "cve": "CVE-2021-3156", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2021-3156" } ], "notes": [ { "category": "general", "text": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2021-3156", "url": "https://www.suse.com/security/cve/CVE-2021-3156" }, { "category": "external", "summary": "SUSE Bug 1180684 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1180684" }, { "category": "external", "summary": "SUSE Bug 1181090 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1181090" }, { 
"category": "external", "summary": "SUSE Bug 1181506 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1181506" }, { "category": "external", "summary": "SUSE Bug 1181657 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1181657" }, { "category": "external", "summary": "SUSE Bug 1183936 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1183936" }, { "category": "external", "summary": "SUSE Bug 1218863 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1218863" }, { "category": "external", "summary": "SUSE Bug 1225623 for CVE-2021-3156", "url": "https://bugzilla.suse.com/1225623" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x", "openSUSE 
Tumbleweed:sudo-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x", "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2021-3156" } ] }
gsd-2019-14287
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Aliases
{ "GSD": { "alias": "CVE-2019-14287", "description": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "id": "GSD-2019-14287", "references": [ "https://www.suse.com/security/cve/CVE-2019-14287.html", "https://www.debian.org/security/2019/dsa-4543", "https://access.redhat.com/errata/RHSA-2020:0388", "https://access.redhat.com/errata/RHSA-2019:4191", "https://access.redhat.com/errata/RHSA-2019:3941", "https://access.redhat.com/errata/RHSA-2019:3916", "https://access.redhat.com/errata/RHSA-2019:3895", "https://access.redhat.com/errata/RHSA-2019:3755", "https://access.redhat.com/errata/RHSA-2019:3754", "https://access.redhat.com/errata/RHSA-2019:3694", "https://access.redhat.com/errata/RHSA-2019:3278", "https://access.redhat.com/errata/RHBA-2019:3248", "https://access.redhat.com/errata/RHSA-2019:3219", "https://access.redhat.com/errata/RHSA-2019:3209", "https://access.redhat.com/errata/RHSA-2019:3205", "https://access.redhat.com/errata/RHSA-2019:3204", "https://access.redhat.com/errata/RHSA-2019:3197", "https://ubuntu.com/security/CVE-2019-14287", "https://advisories.mageia.org/CVE-2019-14287.html", "https://security.archlinux.org/CVE-2019-14287", "https://alas.aws.amazon.com/cve/html/CVE-2019-14287.html", "https://linux.oracle.com/cve/CVE-2019-14287.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-14287" ], "details": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. 
For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "id": "GSD-2019-14287", "modified": "2023-12-13T01:23:52.793273Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20191014 Sudo: CVE-2019-14287", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "name": "USN-4154-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4154-1/" }, { "name": "DSA-4543", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4543" }, { "name": "20191015 [SECURITY] [DSA 4543-1] sudo security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "name": "20191015 [slackware-security] sudo (SSA:2019-287-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "name": "openSUSE-SU-2019:2316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "name": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "name": "FEDORA-2019-9cb221f2be", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "name": "https://www.sudo.ws/alerts/minus_1_uid.html", "refsource": "CONFIRM", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "name": "openSUSE-SU-2019:2333", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191017-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "name": "[oss-security] 20191015 Re: Sudo: CVE-2019-14287", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 
1964-1] sudo security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "name": "FEDORA-2019-67998e9f7e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "name": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "RHSA-2019:3197", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "name": "RHSA-2019:3205", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "name": "RHSA-2019:3204", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "name": "RHSA-2019:3209", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "name": "RHSA-2019:3219", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "FEDORA-2019-72755db9c7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "name": "RHSA-2019:3278", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "name": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287", "refsource": "MISC", "url": 
"https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "name": "RHSA-2019:3694", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "name": "RHSA-2019:3755", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "name": "RHSA-2019:3754", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "name": "RHSA-2019:3895", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "name": "RHSA-2019:3916", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "name": "RHBA-2019:3248", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "name": "RHSA-2019:3941", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "name": "RHSA-2019:4191", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "name": "RHSA-2020:0388", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "name": "GLSA-202003-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-12" }, { "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.28", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14287" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. 
For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-755" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2019-9cb221f2be", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "name": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html", "refsource": "MISC", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "name": "20191015 [slackware-security] sudo (SSA:2019-287-01)", "refsource": "BUGTRAQ", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "name": "[oss-security] 20191014 Sudo: CVE-2019-14287", "refsource": "MLIST", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "name": "USN-4154-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4154-1/" }, { "name": "20191015 [SECURITY] [DSA 4543-1] sudo security update", "refsource": "BUGTRAQ", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "name": "openSUSE-SU-2019:2333", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191017-0003/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "name": "DSA-4543", "refsource": "DEBIAN", 
"tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4543" }, { "name": "[oss-security] 20191015 Re: Sudo: CVE-2019-14287", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "name": "https://www.sudo.ws/alerts/minus_1_uid.html", "refsource": "CONFIRM", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "name": "openSUSE-SU-2019:2316", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1964-1] sudo security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "name": "FEDORA-2019-67998e9f7e", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "name": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "RHSA-2019:3205", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "name": "RHSA-2019:3197", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "name": "RHSA-2019:3204", 
"refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "name": "RHSA-2019:3219", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "name": "RHSA-2019:3209", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "FEDORA-2019-72755db9c7", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "name": "RHSA-2019:3278", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "name": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "name": "RHSA-2019:3694", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "name": "RHSA-2019:3754", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "name": "RHSA-2019:3755", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "name": "RHSA-2019:3895", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "name": "RHSA-2019:3916", "refsource": "REDHAT", "tags": [ "Third Party Advisory" 
], "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "name": "RHBA-2019:3248", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "name": "RHSA-2019:3941", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "name": "RHSA-2019:4191", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "name": "RHSA-2020:0388", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "name": "GLSA-202003-12", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-12" }, { "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-04-18T15:45Z", "publishedDate": "2019-10-17T18:15Z" } } }
suse-su-2019:2667-1
Vulnerability from csaf_suse
Published
2019-10-15 11:16
Modified
2019-10-15 11:16
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo fixes the following issues:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges
  that allowed them to run commands with an arbitrary uid, could
  run commands as root, despite being forbidden to do so in sudoers
  (bsc#1153674).
Patchnames
SUSE-2019-2667,SUSE-OpenStack-Cloud-7-2019-2667,SUSE-SLE-SAP-12-SP2-2019-2667,SUSE-SLE-SERVER-12-SP2-2019-2667,SUSE-SLE-SERVER-12-SP2-BCL-2019-2667,SUSE-Storage-4-2019-2667
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for sudo", "title": "Title of the patch" }, { "category": "description", "text": "This update for sudo fixes the following issues:\n\n- CVE-2019-14287: Fixed an issue where a user with sudo privileges \n that allowed them to run commands with an arbitrary uid, could \n run commands as root, despite being forbidden to do so in sudoers\n (bsc#1153674).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-2667,SUSE-OpenStack-Cloud-7-2019-2667,SUSE-SLE-SAP-12-SP2-2019-2667,SUSE-SLE-SERVER-12-SP2-2019-2667,SUSE-SLE-SERVER-12-SP2-BCL-2019-2667,SUSE-Storage-4-2019-2667", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2667-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:2667-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192667-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:2667-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006019.html" }, { "category": 
"self", "summary": "SUSE Bug 1153674", "url": "https://bugzilla.suse.com/1153674" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14287 page", "url": "https://www.suse.com/security/cve/CVE-2019-14287/" } ], "title": "Security update for sudo", "tracking": { "current_release_date": "2019-10-15T11:16:01Z", "generator": { "date": "2019-10-15T11:16:01Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:2667-1", "initial_release_date": "2019-10-15T11:16:01Z", "revision_history": [ { "date": "2019-10-15T11:16:01Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "sudo-1.8.10p3-10.23.1.aarch64", "product": { "name": "sudo-1.8.10p3-10.23.1.aarch64", "product_id": "sudo-1.8.10p3-10.23.1.aarch64" } }, { "category": "product_version", "name": "sudo-devel-1.8.10p3-10.23.1.aarch64", "product": { "name": "sudo-devel-1.8.10p3-10.23.1.aarch64", "product_id": "sudo-devel-1.8.10p3-10.23.1.aarch64" } }, { "category": "product_version", "name": "sudo-test-1.8.10p3-10.23.1.aarch64", "product": { "name": "sudo-test-1.8.10p3-10.23.1.aarch64", "product_id": "sudo-test-1.8.10p3-10.23.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.10p3-10.23.1.i586", "product": { "name": "sudo-1.8.10p3-10.23.1.i586", "product_id": "sudo-1.8.10p3-10.23.1.i586" } }, { "category": "product_version", "name": "sudo-devel-1.8.10p3-10.23.1.i586", "product": { "name": "sudo-devel-1.8.10p3-10.23.1.i586", "product_id": "sudo-devel-1.8.10p3-10.23.1.i586" } }, { "category": "product_version", "name": "sudo-test-1.8.10p3-10.23.1.i586", "product": { "name": "sudo-test-1.8.10p3-10.23.1.i586", "product_id": "sudo-test-1.8.10p3-10.23.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": 
"product_version", "name": "sudo-1.8.10p3-10.23.1.ppc64le", "product": { "name": "sudo-1.8.10p3-10.23.1.ppc64le", "product_id": "sudo-1.8.10p3-10.23.1.ppc64le" } }, { "category": "product_version", "name": "sudo-devel-1.8.10p3-10.23.1.ppc64le", "product": { "name": "sudo-devel-1.8.10p3-10.23.1.ppc64le", "product_id": "sudo-devel-1.8.10p3-10.23.1.ppc64le" } }, { "category": "product_version", "name": "sudo-test-1.8.10p3-10.23.1.ppc64le", "product": { "name": "sudo-test-1.8.10p3-10.23.1.ppc64le", "product_id": "sudo-test-1.8.10p3-10.23.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.10p3-10.23.1.s390", "product": { "name": "sudo-1.8.10p3-10.23.1.s390", "product_id": "sudo-1.8.10p3-10.23.1.s390" } }, { "category": "product_version", "name": "sudo-devel-1.8.10p3-10.23.1.s390", "product": { "name": "sudo-devel-1.8.10p3-10.23.1.s390", "product_id": "sudo-devel-1.8.10p3-10.23.1.s390" } }, { "category": "product_version", "name": "sudo-test-1.8.10p3-10.23.1.s390", "product": { "name": "sudo-test-1.8.10p3-10.23.1.s390", "product_id": "sudo-test-1.8.10p3-10.23.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.10p3-10.23.1.s390x", "product": { "name": "sudo-1.8.10p3-10.23.1.s390x", "product_id": "sudo-1.8.10p3-10.23.1.s390x" } }, { "category": "product_version", "name": "sudo-devel-1.8.10p3-10.23.1.s390x", "product": { "name": "sudo-devel-1.8.10p3-10.23.1.s390x", "product_id": "sudo-devel-1.8.10p3-10.23.1.s390x" } }, { "category": "product_version", "name": "sudo-test-1.8.10p3-10.23.1.s390x", "product": { "name": "sudo-test-1.8.10p3-10.23.1.s390x", "product_id": "sudo-test-1.8.10p3-10.23.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.10p3-10.23.1.x86_64", "product": { "name": "sudo-1.8.10p3-10.23.1.x86_64", "product_id": 
"sudo-1.8.10p3-10.23.1.x86_64" } }, { "category": "product_version", "name": "sudo-devel-1.8.10p3-10.23.1.x86_64", "product": { "name": "sudo-devel-1.8.10p3-10.23.1.x86_64", "product_id": "sudo-devel-1.8.10p3-10.23.1.x86_64" } }, { "category": "product_version", "name": "sudo-test-1.8.10p3-10.23.1.x86_64", "product": { "name": "sudo-test-1.8.10p3-10.23.1.x86_64", "product_id": "sudo-test-1.8.10p3-10.23.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE OpenStack Cloud 7", "product": { "name": "SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud:7" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp2" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 4", "product": { "name": "SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": 
"default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.s390x as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.s390x" }, "product_reference": "sudo-1.8.10p3-10.23.1.s390x", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.x86_64" }, "product_reference": "sudo-1.8.10p3-10.23.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.ppc64le" }, "product_reference": "sudo-1.8.10p3-10.23.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.x86_64" }, "product_reference": "sudo-1.8.10p3-10.23.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.ppc64le" }, "product_reference": "sudo-1.8.10p3-10.23.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.s390x as component of SUSE Linux 
Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.s390x" }, "product_reference": "sudo-1.8.10p3-10.23.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.x86_64" }, "product_reference": "sudo-1.8.10p3-10.23.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.23.1.x86_64" }, "product_reference": "sudo-1.8.10p3-10.23.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.10p3-10.23.1.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:sudo-1.8.10p3-10.23.1.x86_64" }, "product_reference": "sudo-1.8.10p3-10.23.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14287", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14287" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. 
For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.x86_64", "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.s390x", "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14287", "url": "https://www.suse.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "SUSE Bug 1153674 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1153674" }, { "category": "external", "summary": "SUSE Bug 1156093 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1156093" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.x86_64", "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.s390x", 
"SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.23.1.x86_64", "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.s390x", "SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.23.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-15T11:16:01Z", "details": "moderate" } ], "title": "CVE-2019-14287" } ] }
suse-su-2019:2656-1
Vulnerability from csaf_suse
Published
2019-10-14 15:02
Modified
2019-10-14 15:02
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo fixes the following issue:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges
  that allowed them to run commands with an arbitrary uid, could
  run commands as root, despite being forbidden to do so in sudoers
  (bsc#1153674).
Patchnames
SUSE-2019-2656,SUSE-SLE-Module-Basesystem-15-2019-2656,SUSE-SLE-Module-Basesystem-15-SP1-2019-2656,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2656,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2656
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for sudo", "title": "Title of the patch" }, { "category": "description", "text": "This update for sudo fixes the following issue:\n\n- CVE-2019-14287: Fixed an issue where a user with sudo privileges \n that allowed them to run commands with an arbitrary uid, could \n run commands as root, despite being forbidden to do so in sudoers\n (bsc#1153674).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-2656,SUSE-SLE-Module-Basesystem-15-2019-2656,SUSE-SLE-Module-Basesystem-15-SP1-2019-2656,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2656,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2656", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2656-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:2656-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192656-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:2656-1", "url": 
"https://www.suse.com/support/update/announcement/2019/suse-su-20192656-1.html" }, { "category": "self", "summary": "SUSE Bug 1153674", "url": "https://bugzilla.suse.com/1153674" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14287 page", "url": "https://www.suse.com/security/cve/CVE-2019-14287/" } ], "title": "Security update for sudo", "tracking": { "current_release_date": "2019-10-14T15:02:27Z", "generator": { "date": "2019-10-14T15:02:27Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:2656-1", "initial_release_date": "2019-10-14T15:02:27Z", "revision_history": [ { "date": "2019-10-14T15:02:27Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-4.6.1.aarch64", "product": { "name": "sudo-1.8.22-4.6.1.aarch64", "product_id": "sudo-1.8.22-4.6.1.aarch64" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-4.6.1.aarch64", "product": { "name": "sudo-devel-1.8.22-4.6.1.aarch64", "product_id": "sudo-devel-1.8.22-4.6.1.aarch64" } }, { "category": "product_version", "name": "sudo-test-1.8.22-4.6.1.aarch64", "product": { "name": "sudo-test-1.8.22-4.6.1.aarch64", "product_id": "sudo-test-1.8.22-4.6.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-4.6.1.i586", "product": { "name": "sudo-1.8.22-4.6.1.i586", "product_id": "sudo-1.8.22-4.6.1.i586" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-4.6.1.i586", "product": { "name": "sudo-devel-1.8.22-4.6.1.i586", "product_id": "sudo-devel-1.8.22-4.6.1.i586" } }, { "category": "product_version", "name": "sudo-test-1.8.22-4.6.1.i586", "product": { "name": "sudo-test-1.8.22-4.6.1.i586", "product_id": "sudo-test-1.8.22-4.6.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { 
"category": "product_version", "name": "sudo-1.8.22-4.6.1.ppc64le", "product": { "name": "sudo-1.8.22-4.6.1.ppc64le", "product_id": "sudo-1.8.22-4.6.1.ppc64le" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-4.6.1.ppc64le", "product": { "name": "sudo-devel-1.8.22-4.6.1.ppc64le", "product_id": "sudo-devel-1.8.22-4.6.1.ppc64le" } }, { "category": "product_version", "name": "sudo-test-1.8.22-4.6.1.ppc64le", "product": { "name": "sudo-test-1.8.22-4.6.1.ppc64le", "product_id": "sudo-test-1.8.22-4.6.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-4.6.1.s390x", "product": { "name": "sudo-1.8.22-4.6.1.s390x", "product_id": "sudo-1.8.22-4.6.1.s390x" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-4.6.1.s390x", "product": { "name": "sudo-devel-1.8.22-4.6.1.s390x", "product_id": "sudo-devel-1.8.22-4.6.1.s390x" } }, { "category": "product_version", "name": "sudo-test-1.8.22-4.6.1.s390x", "product": { "name": "sudo-test-1.8.22-4.6.1.s390x", "product_id": "sudo-test-1.8.22-4.6.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.22-4.6.1.x86_64", "product": { "name": "sudo-1.8.22-4.6.1.x86_64", "product_id": "sudo-1.8.22-4.6.1.x86_64" } }, { "category": "product_version", "name": "sudo-devel-1.8.22-4.6.1.x86_64", "product": { "name": "sudo-devel-1.8.22-4.6.1.x86_64", "product_id": "sudo-devel-1.8.22-4.6.1.x86_64" } }, { "category": "product_version", "name": "sudo-test-1.8.22-4.6.1.x86_64", "product": { "name": "sudo-test-1.8.22-4.6.1.x86_64", "product_id": "sudo-test-1.8.22-4.6.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15", 
"product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.aarch64" }, "product_reference": "sudo-1.8.22-4.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.ppc64le" }, "product_reference": "sudo-1.8.22-4.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.s390x" }, "product_reference": "sudo-1.8.22-4.6.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.x86_64" }, "product_reference": "sudo-1.8.22-4.6.1.x86_64", 
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.aarch64" }, "product_reference": "sudo-devel-1.8.22-4.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.ppc64le" }, "product_reference": "sudo-devel-1.8.22-4.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.s390x" }, "product_reference": "sudo-devel-1.8.22-4.6.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.x86_64" }, "product_reference": "sudo-devel-1.8.22-4.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.aarch64" }, "product_reference": 
"sudo-1.8.22-4.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.ppc64le" }, "product_reference": "sudo-1.8.22-4.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.s390x" }, "product_reference": "sudo-1.8.22-4.6.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.22-4.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.x86_64" }, "product_reference": "sudo-1.8.22-4.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.aarch64" }, "product_reference": "sudo-devel-1.8.22-4.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.ppc64le" }, 
"product_reference": "sudo-devel-1.8.22-4.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.s390x" }, "product_reference": "sudo-devel-1.8.22-4.6.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.22-4.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.x86_64" }, "product_reference": "sudo-devel-1.8.22-4.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14287", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14287" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. 
For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14287", "url": "https://www.suse.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "SUSE Bug 1153674 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1153674" }, { "category": "external", "summary": "SUSE Bug 1156093 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1156093" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods 
like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 
SP1:sudo-devel-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:sudo-devel-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:sudo-1.8.22-4.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:sudo-devel-1.8.22-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-14T15:02:27Z", "details": "moderate" } ], "title": "CVE-2019-14287" } ] }
suse-su-2019:14193-1
Vulnerability from csaf_suse
Published
2019-10-18 14:20
Modified
2019-10-18 14:20
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo fixes the following issues:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).
Patchnames
sleposp3-sudo-14193,slessp4-sudo-14193
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
suse-su-2019:2666-1
Vulnerability from csaf_suse
Published
2019-10-15 11:15
Modified
2019-10-15 11:15
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo fixes the following issues:
Security issue fixed:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).
Patchnames
HPE-Helion-OpenStack-8-2019-2666,SUSE-2019-2666,SUSE-OpenStack-Cloud-8-2019-2666,SUSE-OpenStack-Cloud-Crowbar-8-2019-2666,SUSE-SLE-DESKTOP-12-SP4-2019-2666,SUSE-SLE-SAP-12-SP3-2019-2666,SUSE-SLE-SDK-12-SP4-2019-2666,SUSE-SLE-SERVER-12-SP3-2019-2666,SUSE-SLE-SERVER-12-SP3-BCL-2019-2666,SUSE-SLE-SERVER-12-SP4-2019-2666,SUSE-Storage-5-2019-2666
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for sudo", "title": "Title of the patch" }, { "category": "description", "text": "This update for sudo fixes the following issues:\n\nSecurity issue fixed: \t \n\n- CVE-2019-14287: Fixed an issue where a user with sudo privileges\n that allowed them to run commands with an arbitrary uid, could\n run commands as root, despite being forbidden to do so in sudoers\n (bsc#1153674).\n\n", "title": "Description of the patch" }, { "category": "details", "text": "HPE-Helion-OpenStack-8-2019-2666,SUSE-2019-2666,SUSE-OpenStack-Cloud-8-2019-2666,SUSE-OpenStack-Cloud-Crowbar-8-2019-2666,SUSE-SLE-DESKTOP-12-SP4-2019-2666,SUSE-SLE-SAP-12-SP3-2019-2666,SUSE-SLE-SDK-12-SP4-2019-2666,SUSE-SLE-SERVER-12-SP3-2019-2666,SUSE-SLE-SERVER-12-SP3-BCL-2019-2666,SUSE-SLE-SERVER-12-SP4-2019-2666,SUSE-Storage-5-2019-2666", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2666-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:2666-1", "url": 
"https://www.suse.com/support/update/announcement/2019/suse-su-20192666-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:2666-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006015.html" }, { "category": "self", "summary": "SUSE Bug 1153674", "url": "https://bugzilla.suse.com/1153674" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14287 page", "url": "https://www.suse.com/security/cve/CVE-2019-14287/" } ], "title": "Security update for sudo", "tracking": { "current_release_date": "2019-10-15T11:15:41Z", "generator": { "date": "2019-10-15T11:15:41Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:2666-1", "initial_release_date": "2019-10-15T11:15:41Z", "revision_history": [ { "date": "2019-10-15T11:15:41Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "sudo-1.8.20p2-3.14.1.aarch64", "product": { "name": "sudo-1.8.20p2-3.14.1.aarch64", "product_id": "sudo-1.8.20p2-3.14.1.aarch64" } }, { "category": "product_version", "name": "sudo-devel-1.8.20p2-3.14.1.aarch64", "product": { "name": "sudo-devel-1.8.20p2-3.14.1.aarch64", "product_id": "sudo-devel-1.8.20p2-3.14.1.aarch64" } }, { "category": "product_version", "name": "sudo-test-1.8.20p2-3.14.1.aarch64", "product": { "name": "sudo-test-1.8.20p2-3.14.1.aarch64", "product_id": "sudo-test-1.8.20p2-3.14.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.20p2-3.14.1.i586", "product": { "name": "sudo-1.8.20p2-3.14.1.i586", "product_id": "sudo-1.8.20p2-3.14.1.i586" } }, { "category": "product_version", "name": "sudo-devel-1.8.20p2-3.14.1.i586", "product": { "name": "sudo-devel-1.8.20p2-3.14.1.i586", "product_id": "sudo-devel-1.8.20p2-3.14.1.i586" } }, { "category": "product_version", 
"name": "sudo-test-1.8.20p2-3.14.1.i586", "product": { "name": "sudo-test-1.8.20p2-3.14.1.i586", "product_id": "sudo-test-1.8.20p2-3.14.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.20p2-3.14.1.ppc64le", "product": { "name": "sudo-1.8.20p2-3.14.1.ppc64le", "product_id": "sudo-1.8.20p2-3.14.1.ppc64le" } }, { "category": "product_version", "name": "sudo-devel-1.8.20p2-3.14.1.ppc64le", "product": { "name": "sudo-devel-1.8.20p2-3.14.1.ppc64le", "product_id": "sudo-devel-1.8.20p2-3.14.1.ppc64le" } }, { "category": "product_version", "name": "sudo-test-1.8.20p2-3.14.1.ppc64le", "product": { "name": "sudo-test-1.8.20p2-3.14.1.ppc64le", "product_id": "sudo-test-1.8.20p2-3.14.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.20p2-3.14.1.s390", "product": { "name": "sudo-1.8.20p2-3.14.1.s390", "product_id": "sudo-1.8.20p2-3.14.1.s390" } }, { "category": "product_version", "name": "sudo-devel-1.8.20p2-3.14.1.s390", "product": { "name": "sudo-devel-1.8.20p2-3.14.1.s390", "product_id": "sudo-devel-1.8.20p2-3.14.1.s390" } }, { "category": "product_version", "name": "sudo-test-1.8.20p2-3.14.1.s390", "product": { "name": "sudo-test-1.8.20p2-3.14.1.s390", "product_id": "sudo-test-1.8.20p2-3.14.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.20p2-3.14.1.s390x", "product": { "name": "sudo-1.8.20p2-3.14.1.s390x", "product_id": "sudo-1.8.20p2-3.14.1.s390x" } }, { "category": "product_version", "name": "sudo-devel-1.8.20p2-3.14.1.s390x", "product": { "name": "sudo-devel-1.8.20p2-3.14.1.s390x", "product_id": "sudo-devel-1.8.20p2-3.14.1.s390x" } }, { "category": "product_version", "name": "sudo-test-1.8.20p2-3.14.1.s390x", "product": { "name": "sudo-test-1.8.20p2-3.14.1.s390x", "product_id": "sudo-test-1.8.20p2-3.14.1.s390x" } } ], "category": 
"architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "sudo-1.8.20p2-3.14.1.x86_64", "product": { "name": "sudo-1.8.20p2-3.14.1.x86_64", "product_id": "sudo-1.8.20p2-3.14.1.x86_64" } }, { "category": "product_version", "name": "sudo-devel-1.8.20p2-3.14.1.x86_64", "product": { "name": "sudo-devel-1.8.20p2-3.14.1.x86_64", "product_id": "sudo-devel-1.8.20p2-3.14.1.x86_64" } }, { "category": "product_version", "name": "sudo-test-1.8.20p2-3.14.1.x86_64", "product": { "name": "sudo-test-1.8.20p2-3.14.1.x86_64", "product_id": "sudo-test-1.8.20p2-3.14.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "HPE Helion OpenStack 8", "product": { "name": "HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8", "product_identification_helper": { "cpe": "cpe:/o:suse:hpe-helion-openstack:8" } } }, { "category": "product_name", "name": "SUSE OpenStack Cloud 8", "product": { "name": "SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud:8" } } }, { "category": "product_name", "name": "SUSE OpenStack Cloud Crowbar 8", "product": { "name": "SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP4", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": 
"cpe:/o:suse:sles_sap:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP4", "product": { "name": "SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp4" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 5", "product": { "name": "SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of HPE 
Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.ppc64le" }, "product_reference": "sudo-1.8.20p2-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", 
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.20p2-3.14.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.aarch64" }, "product_reference": "sudo-devel-1.8.20p2-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.20p2-3.14.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.ppc64le" }, "product_reference": "sudo-devel-1.8.20p2-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.20p2-3.14.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.s390x" }, "product_reference": "sudo-devel-1.8.20p2-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-devel-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-devel-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": 
"SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.aarch64" }, "product_reference": "sudo-1.8.20p2-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.ppc64le" }, "product_reference": "sudo-1.8.20p2-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.s390x" }, "product_reference": "sudo-1.8.20p2-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.aarch64" }, "product_reference": "sudo-1.8.20p2-3.14.1.aarch64", 
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le" }, "product_reference": "sudo-1.8.20p2-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.s390x" }, "product_reference": "sudo-1.8.20p2-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.aarch64" }, "product_reference": "sudo-1.8.20p2-3.14.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le" }, "product_reference": "sudo-1.8.20p2-3.14.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 
SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.s390x" }, "product_reference": "sudo-1.8.20p2-3.14.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.aarch64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.aarch64" }, "product_reference": "sudo-1.8.20p2-3.14.1.aarch64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "sudo-1.8.20p2-3.14.1.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.x86_64" }, "product_reference": "sudo-1.8.20p2-3.14.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14287", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14287" } ], "notes": [ { "category": "general", "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. 
For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.x86_64", "SUSE OpenStack Cloud 
8:sudo-1.8.20p2-3.14.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:sudo-1.8.20p2-3.14.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14287", "url": "https://www.suse.com/security/cve/CVE-2019-14287" }, { "category": "external", "summary": "SUSE Bug 1153674 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1153674" }, { "category": "external", "summary": "SUSE Bug 1156093 for CVE-2019-14287", "url": "https://bugzilla.suse.com/1156093" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.s390x", "SUSE 
Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.x86_64", "SUSE OpenStack Cloud 8:sudo-1.8.20p2-3.14.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:sudo-1.8.20p2-3.14.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "HPE Helion OpenStack 8:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Enterprise Storage 5:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP4:sudo-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sudo-1.8.20p2-3.14.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:sudo-devel-1.8.20p2-3.14.1.x86_64", "SUSE OpenStack Cloud 8:sudo-1.8.20p2-3.14.1.x86_64", "SUSE OpenStack Cloud Crowbar 8:sudo-1.8.20p2-3.14.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-15T11:15:41Z", "details": "moderate" } ], "title": "CVE-2019-14287" } ] }
suse-su-2019:2668-1
Vulnerability from csaf_suse
Published
2019-10-15 11:16
Modified
2019-10-15 11:16
Summary
Security update for sudo
Notes
Title of the patch
Security update for sudo
Description of the patch
This update for sudo provides the following fix:
Security issue fixed:
- CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).
Other issues fixed:
- Cache resolved group names as calling getgrgid() is expensive and on systems connected to AD with many users, groups or sudo rules it causes sudo to take a long time to run (bsc#1068003).
- Disable insults by default at build time. For new installations this was done via sudoers file, but when upgrading from previous versions it would accidentally be enabled (bsc#1053911).
- Enable support for zlib compressed I/O logs (bsc#1058297).
Patchnames
SUSE-2019-2668,SUSE-SLE-SAP-12-SP1-2019-2668,SUSE-SLE-SERVER-12-SP1-2019-2668
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
fkie_cve-2019-14287
Vulnerability from fkie_nvd
Published
2019-10-17 18:15
Modified
2024-11-21 04:26
Summary
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/14/1 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/24/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/29/3 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/09/14/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHBA-2019:3248 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3197 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3204 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3205 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3209 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3219 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3278 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3694 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3754 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3755 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3895 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3916 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3941 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:4191 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0388 | Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/ | ||
cve@mitre.org | https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287 | Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Oct/20 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Oct/21 | Issue Tracking, Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202003-12 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20191017-0003/ | Third Party Advisory | |
cve@mitre.org | https://support.f5.com/csp/article/K53746212?utm_source=f5support&%3Butm_medium=RSS | ||
cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4154-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2019/dsa-4543 | Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/15/2 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://www.sudo.ws/alerts/minus_1_uid.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/14/1 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/24/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/29/3 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/09/14/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:3248 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3197 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3204 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3205 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3209 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3219 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3278 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3694 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3754 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3755 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3895 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3916 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3941 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0388 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Oct/20 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Oct/21 | Issue Tracking, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-12 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191017-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K53746212?utm_source=f5support&%3Butm_medium=RSS | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4154-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4543 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/15/2 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.sudo.ws/alerts/minus_1_uid.html | Exploit, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sudo_project | sudo | * | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
netapp | element_software_management_node | - | |
redhat | openshift_container_platform | 4.1 | |
redhat | virtualization | 4.2 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_eus | 7.5 | |
redhat | enterprise_linux_eus | 7.6 | |
redhat | enterprise_linux_eus | 7.7 | |
redhat | enterprise_linux_eus | 8.1 | |
redhat | enterprise_linux_eus | 8.2 | |
redhat | enterprise_linux_eus | 8.4 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 6.5 | |
redhat | enterprise_linux_server_aus | 6.6 | |
redhat | enterprise_linux_server_aus | 7.2 | |
redhat | enterprise_linux_server_aus | 7.3 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_aus | 7.7 | |
redhat | enterprise_linux_server_aus | 8.2 | |
redhat | enterprise_linux_server_aus | 8.4 | |
redhat | enterprise_linux_server_tus | 7.2 | |
redhat | enterprise_linux_server_tus | 7.3 | |
redhat | enterprise_linux_server_tus | 7.4 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.7 | |
redhat | enterprise_linux_server_tus | 8.2 | |
redhat | enterprise_linux_server_tus | 8.4 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "07F52D32-AC76-42B8-B59F-57D5E36010CB", "versionEndExcluding": "1.8.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "E902EEC6-9A41-4FBC-8D81-891DF846A5CB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8C66E6D-8AD2-4709-BD18-ED9EAF9D8546", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Sudo before 1.8.28, an attacker with access to a Runas 
ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command." }, { "lang": "es", "value": "En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de pol\u00edticas y m\u00f3dulos PAM de sesi\u00f3n, y puede causar un registro incorrecto, mediante la invocaci\u00f3n sudo con un ID de usuario creado. Por ejemplo, esto permite la omisi\u00f3n de la configuraci\u00f3n root y el registro USER= para un comando \"sudo -u \\#$((0xffffffff))\"." } ], "id": "CVE-2019-14287", "lastModified": "2024-11-21T04:26:22.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-17T18:15:12.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2019:3694" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing 
List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-12" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4154-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4543" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4154-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.sudo.ws/alerts/minus_1_uid.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-33h3-qhjg-4qmf
Vulnerability from github
Published
2022-05-24 16:59
Modified
2024-04-04 02:30
Details
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
{ "affected": [], "aliases": [ "CVE-2019-14287" ], "database_specific": { "cwe_ids": [ "CWE-755" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-10-17T18:15:00Z", "severity": "HIGH" }, "details": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.", "id": "GHSA-33h3-qhjg-4qmf", "modified": "2024-04-04T02:30:46Z", "published": "2022-05-24T16:59:16Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14287" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHBA-2019:3248" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2" }, { "type": "WEB", "url": "https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2019/Oct/20" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2019/Oct/21" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202003-12" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20191017-0003" }, { "type": "WEB", "url": 
"https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "type": "WEB", "url": "https://support.f5.com/csp/article/K53746212?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03976en_us" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4154-1" }, { "type": "WEB", "url": "https://www.debian.org/security/2019/dsa-4543" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2019/10/15/2" }, { "type": "WEB", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3197" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3204" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3205" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3209" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3219" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3278" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3694" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3754" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3755" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3895" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3916" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3941" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:4191" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0388" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U" }, { "type": "WEB", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2019/10/14/1" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.