HackerTrans
TopNewTrendsCommentsPastAskShowJobs

alibob

no profile record

comments

alibob
·4 anni fa·discuss
<https://news.ycombinator.com/item?id=33467522>

Got it. Linux distributions (ex. RHEL) have --with-pam in configure, so not vulnerable (code not compiled). (If you have --with-passwd in configure, then passwd.c is compiled, and you are vulnerable, but Linux distributions do not do this.)

<https://ubuntu.com/security/CVE-2022-43995>

  sudo packages in Ubuntu are compiled with PAM support, so the vulnerable code isn't part of the binaries.
  Not vulnerable (code not compiled)
alibob
·4 anni fa·discuss
Why is "sudo 1.8.0 through 1.9.12" affected, but rhel8 shipping sudo 1.8.29 and rhel9 shipping sudo 1.9.5, are not affected?

<https://access.redhat.com/security/cve/CVE-2022-43995>

  Description:
  ... Sudo 1.8.0 through 1.9.12 ...
  Statement:
  The sudo package as distributed with Red Hat Enterprise Linux 7, 8 and 9 is not affected by this issue as it currently doesn't ship the affected code.
<https://access.redhat.com/downloads/content/sudo/x86_64/pack...>

  1.9.5p2-7.el9
  1.8.29-8.el8