We are now shipping an update to OES 2018 SP1 and OES 2018 SP2 that includes a fix for this vulnerability.
The Qualys research team has discovered a buffer overflow vulnerability in sudo, allowing any local user to gain root privileges without authentication.
We recognize that systems running OES 2018 SP1 on SLES 12 SP3 and OES 2018 SP2 on SLES 12 SP5 are affected by the vulnerability.
An update to address the vulnerability was made available by SUSE on SLES 12 SP3 LTSS and SLES 12 SP5 this week. We will ship the same to our customers running OES 2018 SP1/SP2 over the channels in the following week along with the quarterly updates due on these platforms.
The quarterly maintenance updates include fixes for customer issues. We also ship base operating system (SLES) updates, after thorough validation against OES services, on a per-month basis on supported platforms.
Please watch this space for more updates, and thank you for your patience.
If you have any questions, please write to me at girish dot ks at microfocus dot com.