[Buildroot] [PATCH v2,1/1] package/sudo: fix CVE-2022-43995
Peter Korsgaard
peter at korsgaard.com
Mon Nov 14 10:38:51 UTC 2022
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a
> plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result
> in a heap-based buffer over-read. This can be triggered by arbitrary
> local users with access to Sudo by entering a password of seven
> characters or fewer. The impact could vary depending on the compiler and
> processor architecture.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> Changes v1 -> v2:
> - Add upstream patch
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard