import sudo-1.8.29-10.el8

This commit is contained in:
CentOS Sources 2023-05-16 06:17:14 +00:00 committed by root
parent e879763e7b
commit aa5f31f663
2 changed files with 36 additions and 5 deletions

View File

@ -0,0 +1,26 @@
From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
From: Tim Shearer <timtimminz@gmail.com>
Date: Tue, 2 Aug 2022 08:48:32 -0400
Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
Resolves an issue where certain message sizes result in an incorrect
checksum. Specifically, when:
(n*8) mod 1024 == 896
where n is the file size in bytes.
---
lib/util/sha2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/util/sha2.c b/lib/util/sha2.c
index b7a28cca8..f769f77f2 100644
--- a/lib/util/sha2.c
+++ b/lib/util/sha2.c
@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
SHA512Update(ctx, (uint8_t *)"\200", 1);
/* Pad message such that the resulting length modulo 1024 is 896. */
- while ((ctx->count[0] & 1008) != 896)
+ while ((ctx->count[0] & 1016) != 896)
SHA512Update(ctx, (uint8_t *)"\0", 1);
/* Append length of message in bits and do final SHA512Transform(). */

View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.29 Version: 1.8.29
Release: 8%{?dist}.1 Release: 10%{?dist}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: https://www.sudo.ws/ URL: https://www.sudo.ws/
@ -76,7 +76,9 @@ Patch21: sudo-1.9.7-krb5ccname.patch
# 1986572 - utmp resource leak in sudo # 1986572 - utmp resource leak in sudo
Patch22: sudo-1.9.7-utmp-leak.patch Patch22: sudo-1.9.7-utmp-leak.patch
# 2161220 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.7.0] # 2114576 - sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
Patch23: sha-digest-calc.patch
# 2161221 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.8.0]
Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch
Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch
Patch26: sudo-1.9.12-CVE-2023-22809.patch Patch26: sudo-1.9.12-CVE-2023-22809.patch
@ -133,6 +135,7 @@ plugins that use %{name}.
%patch21 -p1 -b .krb5ccname %patch21 -p1 -b .krb5ccname
%patch22 -p1 -b .utmp-leak %patch22 -p1 -b .utmp-leak
%patch23 -p1 -b .sha-digest
%patch24 -p1 -b .whitelist %patch24 -p1 -b .whitelist
%patch25 -p1 -b .backports %patch25 -p1 -b .backports
%patch26 -p1 -b .cve %patch26 -p1 -b .cve
@ -295,10 +298,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8* %{_mandir}/man8/sudo_plugin.8*
%changelog %changelog
* Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.8.1 * Wed Jan 11 2023 Radovan Sroka <rsroka@redhat.com> - 1.8.29.9
RHEL 8.7.0.Z ERRATUM RHEL 8.8.0 ERRATUM
- CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user
Resolves: rhbz#2161220 Resolves: rhbz#2161221
- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
Resolves: rhbz#2114576
* Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8 * Mon Dec 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.29-8
RHEL 8.6.0 ERRATUM RHEL 8.6.0 ERRATUM