RHEL 9.7.0 ERRATUM

- CVE-2025-32462 sudo: LPE via host option Resolves: RHEL-100020 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-06-26 10:31:40 +02:00 · 2025-06-26 10:31:40 +02:00 · 01f6b7b803
commit 01f6b7b803
parent 2cfb2ec793
2 changed files with 28 additions and 3 deletions
--- a/sudo-1.9.17-CVE-2025-32462.patch
+++ b/sudo-1.9.17-CVE-2025-32462.patch
@ -0,0 +1,22 @@
+diff -up ./plugins/sudoers/sudoers.c.cve-host ./plugins/sudoers/sudoers.c
+--- ./plugins/sudoers/sudoers.c.cve-host	2025-06-25 14:10:11.369219892 +0200
+++ ./plugins/sudoers/sudoers.c	2025-06-25 14:11:48.395137626 +0200
+@@ -393,6 +393,18 @@ sudoers_policy_main(int argc, char * con
+ 	}
+     }
+ 
+    /* The user may only specify a host for "sudo -l". */
+    if (!ISSET(sudo_mode, MODE_LIST|MODE_CHECK)) {
+       if (strcmp(user_runhost, user_host) != 0) {
+           log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
+               N_("user not allowed to set remote host for command"));
+           sudo_warnx("%s",
+               U_("a remote host may only be specified when listing privileges."));
+           ret = false;
+           goto done;
+       }
+    }
+
+     /* If given the -P option, set the "preserve_groups" flag. */
+     if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
+ 	def_preserve_groups = true;
--- a/sudo.spec
+++ b/sudo.spec
@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.9.5p2
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: ISC
 URL: https://www.sudo.ws

@ -48,6 +48,7 @@ Patch18: linker.patch

 Patch19: sudo-1.9.15-CVE-2023-42465.patch
 Patch20: sudo-separator.patch
+Patch21: sudo-1.9.17-CVE-2025-32462.patch

 %description
 Sudo (superuser do) allows a system administrator to give certain
@ -101,8 +102,8 @@ BuildRequires:  python3-devel

 %patch -P 18 -p1 -b .linker
 %patch -P 19 -p1 -b .rowhammer
-
 %patch -P 20 -p1 -b .separator
+%patch -P 21 -p1 -b .cve-host


 %build
@ -278,10 +279,12 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so

 %changelog
-* Fri Apr 25 2025 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-12
+* Fri Apr 25 2025 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-13
 RHEL: 9.7.0 ERRATUM
 - sudo missing spacing and separator in log when using "--preserve-env=list"
 Resolves: RHEL-71916
+- CVE-2025-32462 sudo: LPE via host option
+Resolves: RHEL-100020

 * Mon Jan 22 2024 Radovan Sroka <rsroka@redhat.com> - 1.9.5p2-10
 RHEL 9.3.0.Z ERRATUM