Bugzilla – Activity log for bug 1039361: EMU: VUL-0: CVE-2017-1000367: sudo: path traversal race conditions

• Home
• | New
• | Browse
• | Search
• |
  [?]
• | Reports
• | Requests
• | Forgot Password

Back to bug 1039361

Who	When	What	Removed	Added
swamp	2017-05-16 22:12:21 UTC	Priority	P5 - None	P3 - Medium
meissner	2017-05-18 08:11:21 UTC	CC		meissner
		Assignee	security-team	kstreitova
vcizek	2017-05-19 14:28:51 UTC	Assignee	kstreitova	emu
		Summary	VUL-0: EMBARGOED: sudo: Qualys new root/setuid privilege escalation method 05-2017	EMU: VUL-0: EMBARGOED: sudo: Qualys new root/setuid privilege escalation method 05-2017
vcizek	2017-05-19 14:46:33 UTC	CC		kstreitova
swamp	2017-05-20 06:36:47 UTC	Whiteboard		maint:planned:update
vcizek	2017-05-21 20:05:22 UTC	Status	NEW	IN_PROGRESS
vcizek	2017-05-22 11:56:12 UTC	Comment 7 is private	1	0
astieger	2017-05-22 17:23:16 UTC	URL		https://smash.suse.de/issue/185360/
		CC		astieger
meissner	2017-05-22 18:47:53 UTC	Summary	EMU: VUL-0: EMBARGOED: sudo: Qualys new root/setuid privilege escalation method 05-2017	EMU: VUL-0: EMBARGOED: sCVE-2017-1000367: udo: Qualys new root/setuid privilege escalation method 05-2017
		Alias		CVE-2017-1000367
meissner	2017-05-22 18:55:12 UTC	Summary	EMU: VUL-0: EMBARGOED: sCVE-2017-1000367: udo: Qualys new root/setuid privilege escalation method 05-2017	EMU: VUL-0: EMBARGOED: CVE-2017-1000367: sudo: Qualys new root/setuid privilege escalation method 05-2017
smash_bz	2017-05-22 23:39:22 UTC	Whiteboard	maint:planned:update	maint:planned:update CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
swamp	2017-05-23 14:41:16 UTC	Whiteboard	maint:planned:update CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) ibs:running:4837:important ibs:running:4836:important
meissner	2017-05-24 06:10:36 UTC	Depends on	1037551
		Summary	EMU: VUL-0: EMBARGOED: CVE-2017-1000367: sudo: Qualys new root/setuid privilege escalation method 05-2017	EMU: VUL-0: EMBARGOED: CVE-2017-1000367: sudo: path traversal race conditions
astieger	2017-05-26 08:07:49 UTC	CC		christos.varelas
simonf.lees	2017-05-29 08:05:07 UTC	CC		simonf.lees
meissner	2017-05-30 15:23:37 UTC	Summary	EMU: VUL-0: EMBARGOED: CVE-2017-1000367: sudo: path traversal race conditions	EMU: VUL-0: CVE-2017-1000367: sudo: path traversal race conditions
smash_bz	2017-05-30 17:03:44 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) ibs:running:4837:important ibs:running:4836:important	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) ibs:running:4837:important ibs:running:4836:important CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
swamp	2017-05-30 22:37:42 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) ibs:running:4837:important ibs:running:4836:important CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
swamp	2017-05-30 22:38:18 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) obs:running:6811:important
meissner	2017-05-31 06:12:47 UTC	Status	IN_PROGRESS	RESOLVED
		Resolution	---	FIXED
swamp	2017-05-31 06:35:29 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) obs:running:6811:important	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
vcizek	2017-05-31 08:21:08 UTC	CC	emu
		Assignee	emu	security-team
meissner	2017-06-01 09:56:04 UTC	Blocks		1042146
smash_bz	2017-06-06 14:26:59 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
smash_bz	2017-06-08 22:20:59 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C)
smash_bz	2017-06-09 08:21:51 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:SUSE:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000368:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
smash_bz	2017-06-09 17:24:02 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:SUSE:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000368:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:SUSE:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000368:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C)
meissner	2017-06-20 09:22:31 UTC	Group	SUSE Security Internal, novellonly
smash_bz	2017-06-24 02:11:45 UTC	Whiteboard	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:SUSE:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000368:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C)	CVSSv2:SUSE:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000367:8.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:SUSE:CVE-2017-1000368:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000368:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2017-1000367:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:SUSE:CVE-2017-1000368:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2017-1000367:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Back to bug 1039361

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Requests
  • | Forgot Password
• Legal:
• openSUSE
• SUSE