ASA-202102-8 log original external raw

[ASA-202102-8] opendoas: privilege escalation
Arch Linux Security Advisory ASA-202102-8 ========================================= Severity: High Date : 2021-02-06 CVE-ID : CVE-2019-25016 Package : opendoas Type : privilege escalation Remote : No Link : Summary ======= The package opendoas before version 6.8.1-2 is vulnerable to privilege escalation. Resolution ========== Upgrade to 6.8.1-2. # pacman -Syu "opendoas>=6.8.1-2" The problem has been fixed upstream in version 6.8.1. Workaround ========== None. Description =========== A security issue has been found in OpenDoas before 6.8.1, where rules that allowed the user to execute any command would inherit the executing user's PATH instead of resetting it to a default PATH. Rules that limit the user to execute only a specific command are not affected by this and are only executed from the default PATH and with the PATH environment variable set to the safe default. Impact ====== A local user might be able to escalate privileges. References ==========