[ubuntu/karmic-security] sudo, sudo (delayed) 1.7.0-1ubuntu2.6 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Jan 20 15:11:04 UTC 2011


sudo (1.7.0-1ubuntu2.6) karmic-security; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Based on fe8a94f96542.
    - CVE-2011-0010

Date: Wed, 19 Jan 2011 10:46:05 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/sudo/1.7.0-1ubuntu2.6
-------------- next part --------------
Format: 1.8
Date: Wed, 19 Jan 2011 10:46:05 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.7.0-1ubuntu2.6
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Changes: 
 sudo (1.7.0-1ubuntu2.6) karmic-security; urgency=low
 .
   * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
     - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
       48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
       only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
       Going forward, will need to look at this code also if a flaw is found in
       this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
       and 6ebc55d4716b.
     - check.c: prompt for password when the user is running sudo as himself
       but as a different group. Based on fe8a94f96542.
     - CVE-2011-0010
Checksums-Sha1: 
 968202b78a8ee08ed8668abb93279ed3bbf6fa9c 1757 sudo_1.7.0-1ubuntu2.6.dsc
 9c5f6aba2845fa9308b6081dcb2c3898bb40b49f 26877 sudo_1.7.0-1ubuntu2.6.diff.gz
Checksums-Sha256: 
 8fed3d27452d841a94445c4213fee5425e9b2736a1d3e54a8aec998488f7c87f 1757 sudo_1.7.0-1ubuntu2.6.dsc
 3914634dff3c68f94082303340f7b7bef27b166ff493ad91256ff06830533a18 26877 sudo_1.7.0-1ubuntu2.6.diff.gz
Files: 
 41c6991abbfea6b7cbe6708ab07d2186 1757 admin optional sudo_1.7.0-1ubuntu2.6.dsc
 0a131d32d3d6cb4810b95ba5421346b6 26877 admin optional sudo_1.7.0-1ubuntu2.6.diff.gz
Original-Maintainer: Bdale Garbee <bdale at gag.com>

