[ubuntu/lucid-security] sudo, sudo (delayed) 1.7.2p1-1ubuntu5.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Jan 20 15:10:58 UTC 2011 

sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low

  * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
    - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
      48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
      only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
      Going forward, will need to look at this code also if a flaw is found in
      this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
      and 6ebc55d4716b.
    - check.c: prompt for password when the user is running sudo as himself
      but as a different group. Backported from fe8a94f96542.
    - CVE-2011-0010

Date: Wed, 19 Jan 2011 10:39:09 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/sudo/1.7.2p1-1ubuntu5.3
-------------- next part --------------
Format: 1.8
Date: Wed, 19 Jan 2011 10:39:09 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.7.2p1-1ubuntu5.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Changes: 
 sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: privilege escalation via -g when using group Runas_List
     - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
       48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
       only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
       Going forward, will need to look at this code also if a flaw is found in
       this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
       and 6ebc55d4716b.
     - check.c: prompt for password when the user is running sudo as himself
       but as a different group. Backported from fe8a94f96542.
     - CVE-2011-0010
Checksums-Sha1: 
 95f1390dd52c8f87bf601e8e5d94e13682ed11a9 1771 sudo_1.7.2p1-1ubuntu5.3.dsc
 e55bcd8845aee67eea0765c036dd5d1dc915ff04 27664 sudo_1.7.2p1-1ubuntu5.3.diff.gz
Checksums-Sha256: 
 36ade179324638c9539183c8a81924f2563f0ece7d7073dc58a0f6656558117f 1771 sudo_1.7.2p1-1ubuntu5.3.dsc
 bbe7e00b44e953b48f937343e2280c005e889acf7f2172d67d36ba6e5d48022c 27664 sudo_1.7.2p1-1ubuntu5.3.diff.gz
Files: 
 0254600b76a959ce7f4751487e8aba1c 1771 admin optional sudo_1.7.2p1-1ubuntu5.3.dsc
 1d366b7edf66dcb6ab3a0aef6543677b 27664 admin optional sudo_1.7.2p1-1ubuntu5.3.diff.gz
Original-Maintainer: Bdale Garbee <bdale at gag.com>

More information about the Lucid-changes mailing list