openSUSE Security Update : sudo (openSUSE-2017-744)
High Nessus Plugin ID 101137
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for sudo fixes the following security issue :
- CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146)
Also the following non security bug was fixed :
- Link the 'system_group' plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
SolutionUpdate the affected sudo packages.