[ubuntu/lucid-security] sudo, sudo (delayed) 1.7.2p1-1ubuntu5.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Jan 20 15:10:58 UTC 2011
sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
Going forward, will need to look at this code also if a flaw is found in
this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
and 6ebc55d4716b.
- check.c: prompt for password when the user is running sudo as himself
but as a different group. Backported from fe8a94f96542.
- CVE-2011-0010
Date: Wed, 19 Jan 2011 10:39:09 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/sudo/1.7.2p1-1ubuntu5.3
-------------- next part --------------
Format: 1.8
Date: Wed, 19 Jan 2011 10:39:09 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.7.2p1-1ubuntu5.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
sudo - Provide limited super user privileges to specific users
sudo-ldap - Provide limited super user privileges to specific users
Changes:
sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low
.
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
Going forward, will need to look at this code also if a flaw is found in
this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
and 6ebc55d4716b.
- check.c: prompt for password when the user is running sudo as himself
but as a different group. Backported from fe8a94f96542.
- CVE-2011-0010
Checksums-Sha1:
95f1390dd52c8f87bf601e8e5d94e13682ed11a9 1771 sudo_1.7.2p1-1ubuntu5.3.dsc
e55bcd8845aee67eea0765c036dd5d1dc915ff04 27664 sudo_1.7.2p1-1ubuntu5.3.diff.gz
Checksums-Sha256:
36ade179324638c9539183c8a81924f2563f0ece7d7073dc58a0f6656558117f 1771 sudo_1.7.2p1-1ubuntu5.3.dsc
bbe7e00b44e953b48f937343e2280c005e889acf7f2172d67d36ba6e5d48022c 27664 sudo_1.7.2p1-1ubuntu5.3.diff.gz
Files:
0254600b76a959ce7f4751487e8aba1c 1771 admin optional sudo_1.7.2p1-1ubuntu5.3.dsc
1d366b7edf66dcb6ab3a0aef6543677b 27664 admin optional sudo_1.7.2p1-1ubuntu5.3.diff.gz
Original-Maintainer: Bdale Garbee <bdale at gag.com>
More information about the Lucid-changes
mailing list