What is package Xinuossudo-1.9.12p2, sudo 1.9.12p2?

KEYWORDS: Xinuossudo-1.9.12p2 Sudo 1.9.12p2
RELEASE:

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

----------------------------------------------------------
Changes between Xinuossudo 1.9.7p2 and 1.9.12p2

 * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
   that could allow a malicious user with sudoedit privileges to
   edit arbitrary files.

 * Fixed CVE-2022-43995, a potential out-of-bounds write for
   passwords smaller than 8 characters when passwd authentication
   is enabled. This does not affect configurations that use other
   authentication methods such as PAM, AIX authentication or BSD
   authentication.

See the /opt/xinuos/share/doc/packages/sudo/NEWS file for a list of
major changes in this release. For a complete list of changes, see
the /opt/xinuos/share/doc/packages/sudo/ChangeLog.

----------------------------------------------------------
Notes on upgrading from an older release

 * Upgrading from a version prior to 1.9.10:

   Sudo now interprets a command line argument in sudoers that
   begins with a '^' character as a regular expression. To start
   a command argument with a literal '^' character, it must be
   escaped with a backslash ('\'). This may result in a syntax
   error after upgrading for existing sudoers rules where the
   command line arguments begin with a '^'.

   A user may now only run "sudo -U otheruser -l" if they have a
   "sudo ALL" privilege where the RunAs user contains either "root"
   or "otheruser". Previously, having "sudo ALL" was sufficient,
   regardless of the RunAs user.

----------------------------------------------------------
I. Software Notes and Recommendations

   Xinuossudo should only be installed on:

       OpenServer 5 Definitive D2M1 with OSS726 version g or later

----------------------------------------------------------
II. Installation Instructions

To install sudo-1.9.12p2 follow these steps:

 1. Log in as root.

 2. Download the Xinuossudo-1.9.12p2-OpenServer6D-i386.pkg.gz file
    and optionally the
    Xinuossudo-dev-1.9.12p2-OpenServer6D-i386.pkg.gz file to the
    /tmp directory on your machine.

 3. After the download is complete, change to /tmp and run the
    following command(s) to verify the integrity of the download:

       openssl sha256 Xinuossudo-1.9.12p2-OpenServer6D-i386.pkg.gz
       openssl sha256 Xinuossudo-dev-1.9.12p2-OpenServer6D-i386.pkg.gz

    The output should be:

       SHA256(Xinuossudo-1.9.12p2-OpenServer6D-i386.pkg.gz)= 85d0a7badaf9a648b420e9f0196e2fac7b7c8872c0785e9e0740990d538a9890
       SHA256(Xinuossudo-dev-1.9.12p2-OpenServer6D-i386.pkg.gz)= b8ddc648d58096875633068b36d158d2d5b4af2943f8f48cb95e8f3250d3203c

 4. After verifying the sums match, as root, add the package to
    your system using these commands:

       $ su -
       Password: 
       # gzcat Xinuossudo-1.9.12p2-OpenServer6D-i386.pkg.gz | pkgadd -d -

    Alternatively, this package may be installed in quiet mode by
    using these commands:

       $ su -
       Password: 
       # gzcat Xinuossudo-1.9.12p2-OpenServer6D-i386.pkg.gz | pkgadd -qd - all

    If you are doing software development on sudo modules, repeat
    the steps for Xinuossudo-dev-1.9.12p2-OpenServer6D-i386.pkg.gz

 5. Installation of package sudo-1.9.12p2 is now complete.

 6. Once the installation has completed, you can remove or archive
    the sudo-1.9.12p2 file
    Xinuossudo-1.9.12p2-OpenServer6D-i386.pkg.gz downloaded in
    step 2.

 7. There is no need to reboot the system after installing this
    package. However, if your system is running any libraries or
    commands that are contained in this package, then these programs
    will continue to run with the old versions of these libraries or
    commands until the system is rebooted.

    Note that when all necessary packages have been installed, it is
    good practice to reboot the system at the earliest opportunity.
    This will ensure that no programs continue to run with the old
    libraries or commands.
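
The '^' change described under "Notes on upgrading from an older release" can be checked against an existing sudoers file before or after installing. The script below is an added example, not part of the Xinuos package or of sudo: it is a heuristic that lists rules in which a command argument begins with an unescaped '^'. The function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag sudoers rules whose command arguments begin with an
# unescaped '^' (treated as a regular expression by sudo 1.9.10 and later).

# scan_sudoers FILE   (FILE may be "-" for standard input)
# Prints "FILE:LINE: rule" per suspect rule; returns 1 if any were found.
scan_sudoers() {
    awk -v file="$1" '
    function check(rule, lineno,    n, i, tok, in_cmd) {
        if (rule ~ /^[ \t]*(#|Defaults)/) return    # comments, Defaults
        n = split(rule, tok, /[ \t]+/)
        in_cmd = 0
        for (i = 1; i <= n; i++) {
            if (in_cmd && tok[i] ~ /^\^/) {         # "\^" is not matched
                printf "%s:%d: %s\n", file, lineno, rule
                hits++
                return
            }
            # a command path begins at this token
            if (tok[i] ~ /^\// || tok[i] ~ /[=:)]\//) in_cmd = 1
            # an unescaped trailing comma ends this command
            if (tok[i] ~ /,$/ && tok[i] !~ /\\,$/) in_cmd = 0
        }
    }
    {   # join backslash-continued lines so each rule is checked whole
        if (buf == "") start = NR
        line = $0
        if (line ~ /\\$/) { sub(/\\$/, "", line); buf = buf line; next }
        check(buf line, start)
        buf = ""
    }
    END { if (buf != "") check(buf, start); exit (hits > 0) }
    ' "$1"
}

# Constructed sample rules (not from a real system).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Cmnd_Alias LOGS = /usr/bin/grep ^ERROR /var/log/app.log
alice ALL = (root) /usr/bin/grep \^WARN /var/log/app.log
bob   ALL = /usr/bin/sed -n \
            ^p /etc/motd
carol ALL = /usr/bin/ls, /usr/bin/cat /etc/motd
EOF
}

if [ $# -gt 0 ]; then scan_sudoers "$1"; else sample_sudoers | scan_sudoers - || true; fi
```

Run it with the path of the sudoers file as its only argument; each reported rule needs either a backslash before the '^' or a deliberate rewrite as a regular expression. After installing, visudo -c reports any remaining syntax errors.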
----------------------------------------------------------
III. Removal Instructions

Note: Packages must be removed in the reverse order in which they
were installed due to dependencies.

 1. As root, remove the package using these commands:

       $ su -
       Password: 
       # pkgrm Xinuossudo

 2. There is no need to reboot the system after removing this
    package. However, if your system is running any libraries or
    commands that are contained in this package, then these programs
    will continue to run with the old versions of these libraries or
    commands until the system is rebooted.

    Note that when all necessary packages have been removed, it is
    good practice to reboot the system at the earliest opportunity.
    This will ensure that no programs continue to run with the old
    libraries or commands.

If you have questions regarding this package, or the product on which
it is installed, please contact your software supplier.

-------------------------------------------------------------------------------
(C) Copyright 2023 Xinuos, Inc. All Rights Reserved.