Accepted sudo 1.6.8p5-1ubuntu3 (source)
Martin Pitt
martin.pitt at ubuntu.com
Tue Jun 21 06:55:07 CDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 21 Jun 2005 13:41:05 +0200
Source: sudo
Binary: sudo
Architecture: source
Version: 1.6.8p5-1ubuntu3
Distribution: breezy
Urgency: low
Maintainer: Bdale Garbee <bdale at gag.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
sudo - Provide limited super user privileges to specific users
Changes:
sudo (1.6.8p5-1ubuntu3) breezy; urgency=low
.
* SECURITY UPDATE: Fix privilege escalation.
* sudo.c, parse.yacc: safe_cmd contains the actually executed program which
is normally taken from /etc/sudoers. However, if sudoers contains "ALL"
entries that follow the matching entry, safe_cmd was overwritten with the
path the user specified on the command line, which opens up the
possibility of executing arbitrary commands by generating symlinks to
them.
* References:
CAN-2005-1993
http://www.securityfocus.com/archive/1/402741
Files:
a31dcdfcbd5e60b9eb2862ccd7899ff9 581 admin optional sudo_1.6.8p5-1ubuntu3.dsc
f6ca2165fcaec5105ed1b66c1a2660c2 23454 admin optional sudo_1.6.8p5-1ubuntu3.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCt/3/DecnbV4Fd/IRAu4oAKCtkgEdttkUj58iZWBV7KeVrfnFTQCfatO+
K8a1fIRqQYjMQ5Yhlsyc0Q8=
=f/es
-----END PGP SIGNATURE-----
Accepted:
sudo_1.6.8p5-1ubuntu3.diff.gz
to pool/main/s/sudo/sudo_1.6.8p5-1ubuntu3.diff.gz
sudo_1.6.8p5-1ubuntu3.dsc
to pool/main/s/sudo/sudo_1.6.8p5-1ubuntu3.dsc
More information about the breezy-changes
mailing list