Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Related bugs and status

CVE-2017-1000368 (Candidate) is related to these bugs:

Bug #1697587: Please merge sudo (main) 1.8.20p2-1 from Debian unstable (main)

Summary				In	Importance	Status
	1697587	Please merge sudo (main) 1.8.20p2-1 from Debian unstable (main)		sudo (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.sudo.ws/al...
BID: 98838
GENTOO: GLSA-201710-04
CONFIRM: https://kc.mcafee.com/...
REDHAT: RHSA-2017:1574
UBUNTU: USN-3968-1
UBUNTU: USN-3968-2