Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1726)

The remote host is missing an update for the Huawei EulerOS 'sudo' package(s) announced via the EulerOS-SA-2021-1726 advisory.

A race condition vulnerability was found in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, this flaw allows a malicious user with sudoedit permissions to set the owner of an arbitrary file to the user ID of the target user, potentially leading to local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-23240) A flaw was found in sudoedit. A race condition vulnerability and improper symbolic link resolution could be used by a local unprivileged user to test for the existence of directories and files not normally accessible to the user. This flaw cannot be used to read the content or write to arbitrary files on the file system. The highest threat from this vulnerability is to data confidentiality.(CVE-2021-23239)

'sudo' package(s) on Huawei EulerOS Virtualization release 2.9.1.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).