From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] sudo: Update to version 1.9.17p1
Date: Wed, 2 Jul 2025 13:00:55 +0200
Message-ID: <20250702110055.3311469-1-adolf.belka@ipfire.org>

- Update from version 1.9.17 to 1.9.17p1
- Update of rootfile not required
- Changelog
    1.9.17p1
      * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
        when running a command or editing a file. This could enable a local
        privilege escalation attack if the sudoers file allows the user to
        run commands on a different host.
      * Fixed CVE-2025-32463. An attacker can leverage sudo's -R (--chroot)
        option to run arbitrary commands as root, even if they are not
        listed in the sudoers file. The chroot support has been deprecated
        and will be removed entirely in a future release.

Signed-off-by: Adolf Belka
--- lfs/sudo | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/sudo b/lfs/sudo index 51bf0ada0..c2c221417 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -24,7 +24,7 @@ include Config -VER = 1.9.17 +VER = 1.9.17p1 THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d9f2e0d8bca5d5dba5f78a9c064454032038fa60dae022ce72dd0d262bc4bd756fcc5a8e5b0ab4e179c3786fc86a401f7f1ba6d45ca4fe02e43d5cacb1e7f022 +$(DL_FILE)_BLAKE2 = 21771348a8de392767c366bb938951327dcc64a4cedee716a802435899e5135c218468271833a9e3ab9d90bda29e36c0870e27dd333d3a5c64fb8e3a5ebbff58 install : $(TARGET) -- 2.50.0
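Review bot: In the first hunk (@@ -24,7 +24,7 @@), the "VER = 1.9.17p1" bump is the whole of the fix for CVE-2025-32462 and CVE-2025-32463 according to the quoted changelog, yet the subject line "sudo: Update to version 1.9.17p1" reads like a routine version bump. Consider marking the subject as a security update so the patch is easy to pick out when deciding what has to go into the next Core Update, and so the CVE ids show up in a one-line log view.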
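Review bot: In the second hunk (@@ -40,7 +40,7 @@), the new "$(DL_FILE)_BLAKE2" value is the only integrity anchor for sudo-1.9.17p1.tar.gz, and nothing in the commit message says how it was obtained. Please state in the message that the tarball was checked against the upstream release signature or published checksum before the BLAKE2 digest was computed, so a reviewer can reproduce the value independently instead of trusting a digest taken from whatever file was downloaded.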