[Bug 1000276] Re: [Quantal] sudo is vulnerable to CVE-2012-2337
Launchpad Bug Tracker
1000276 at bugs.launchpad.net
Fri May 18 21:05:21 UTC 2012
This bug was fixed in the package sudo - 1.8.3p1-1ubuntu5
---------------
sudo (1.8.3p1-1ubuntu5) quantal; urgency=low
* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
values (LP: #1000276)
- debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
addresses. Based on upstream patch.
- CVE-2012-2337
-- Tyler Hicks <tyhicks at canonical.com> Wed, 16 May 2012 09:42:17 -0500
** Changed in: sudo (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2337
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1000276
Title:
[Quantal] sudo is vulnerable to CVE-2012-2337
Status in “sudo” package in Ubuntu:
Fix Released
Bug description:
The upstream advisory contains a clear description:
http://www.sudo.ws/sudo/alerts/netmask.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1000276/+subscriptions
More information about the foundations-bugs
mailing list