Slackware 1133 Published by

A sudo (SSA:2023-311-01) security update has been released for Slackware 14.0, 14.1, 14.2, 15.0, and -current.



sudo (SSA:2023-311-01)


sudo (SSA:2023-311-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.9.15-i586-1_slack15.0.txz: Upgraded.
The sudoers plugin has been modified to make it more resilient to ROWHAMMER
attacks on authentication and policy matching.
The sudoers plugin now constructs the user time stamp file path name using
the user-ID instead of the user name. This avoids a potential problem with
user names that contain a path separator ('/') being interpreted as part of
the path name.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42465
https://www.cve.org/CVERecord?id=CVE-2023-42456
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.9.15-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.9.15-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.9.15-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.9.15-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.9.15-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.15-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/sudo-1.9.15-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.9.15-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.9.15-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.0 package:
41eaa419c635bcc57b5fbdc5721bb35f sudo-1.9.15-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
414ed3ca815363445f81161872cf8fc9 sudo-1.9.15-x86_64-1_slack14.0.txz

Slackware 14.1 package:
2d6c30e0c80a8ee87d2598df5df56dc8 sudo-1.9.15-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
0a42f5a17f76f2c38bfdd6f654dd1360 sudo-1.9.15-x86_64-1_slack14.1.txz

Slackware 14.2 package:
1d5b5d3432033dea48549612546a5aa4 sudo-1.9.15-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
eb20f940540160ad2f9fc8ac4aa90a39 sudo-1.9.15-x86_64-1_slack14.2.txz

Slackware 15.0 package:
816e1d885ff9c4f3f241cd7601f9c476 sudo-1.9.15-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
8274b3b03bd735ca8ae14a6c3a658127 sudo-1.9.15-x86_64-1_slack15.0.txz

Slackware -current package:
893214566e3e9dbeb80bae0a0b08ec20 ap/sudo-1.9.15-i586-1.txz

Slackware x86_64 -current package:
8788eee56c97fde7df4f02dc9d22673c ap/sudo-1.9.15-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg sudo-1.9.15-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key