---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-162750
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162750
2006-02-17
---------------------------------------------------------------------

Name        : sudo
Versions    : rh7.3: sudo-1.6.5p2-2.3.legacy
Versions    : rh9: sudo-1.6.6-3.3.legacy
Versions    : fc1: sudo-1.6.7p5-2.3.legacy
Versions    : fc2: sudo-1.6.7p5-26.2.legacy
Summary     : Allows restricted root access for specified users.
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

---------------------------------------------------------------------
Update Information:

An updated sudo package is available that fixes a race condition in
sudo's pathname validation.

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root with logging.

A race condition bug was found in the way sudo handles pathnames. It is
possible that a local user with limited sudo access could create a race
condition that would allow the execution of arbitrary commands as the
root user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-1993 to this issue.

Users of sudo should update to this updated package, which contains a
backported patch and is not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Feb 13 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.6.5p2-2.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

rh9:
* Mon Feb 13 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.6.6-3.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

fc1:
* Wed Feb 15 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.6.7p5-2.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

fc2:
* Thu Feb 16 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.6.7p5-26.2.legacy
- Added missing libselinux-devel to BuildRequires
* Wed Feb 15 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.6.7p5-26.1.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
5eed8171a2be78f8a03de987b86220b1c8ecb9d4
redhat/7.3/updates-testing/i386/sudo-1.6.5p2-2.3.legacy.i386.rpm
f1fdc4b82456cf66f89764ec7f9c0909a0603805
redhat/7.3/updates-testing/SRPMS/sudo-1.6.5p2-2.3.legacy.src.rpm

rh9:
7a84e2d96bba56142ca8c6dec2603577e31b2072
redhat/9/updates-testing/i386/sudo-1.6.6-3.3.legacy.i386.rpm
4aca97be1c9e5f61efa1165955eb219fce3af70e
redhat/9/updates-testing/SRPMS/sudo-1.6.6-3.3.legacy.src.rpm

fc1:
4e7b55e41c355e51b4cdd3a820a6d5c94df43fdc
fedora/1/updates-testing/i386/sudo-1.6.7p5-2.3.legacy.i386.rpm
6843f6ee7792e8c63f1034107a4a4e464a613798
fedora/1/updates-testing/SRPMS/sudo-1.6.7p5-2.3.legacy.src.rpm

fc2:
954a6e7098b7e86e7bc1f1532a72f8a3dab32380
fedora/2/updates-testing/i386/sudo-1.6.7p5-26.2.legacy.i386.rpm
82c884d6bcff123dd510ffdb8a0d81ce63606364
fedora/2/updates-testing/SRPMS/sudo-1.6.7p5-26.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
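
To check whether a host already carries the package listed in this notification, the following added example (not part of the original advisory or of Fedora Legacy's tooling) compares an installed sudo version-release string against the versions above using classic rpm segment ordering. It assumes the input comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' sudo` and that the package has no epoch; the function names are illustrative.

```python
import re

# Fixed version-release per platform, copied from the advisory above.
FIXED = {
    "rh7.3": "1.6.5p2-2.3.legacy",
    "rh9": "1.6.6-3.3.legacy",
    "fc1": "1.6.7p5-2.3.legacy",
    "fc2": "1.6.7p5-26.2.legacy",
}


def rpmvercmp(a, b):
    """Compare two version or release strings with classic rpm ordering
    (no tilde/caret handling). Returns -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def at_or_above_advisory(platform, installed_vr):
    """True if installed_vr is the advisory's package or newer."""
    return compare_vr(installed_vr, FIXED[platform]) >= 0


if __name__ == "__main__":
    # Constructed sample inventory: (platform, installed version-release).
    for platform, vr in [("rh9", "1.6.6-3"), ("fc2", "1.6.7p5-26.2.legacy")]:
        state = "ok" if at_or_above_advisory(platform, vr) else "UPDATE NEEDED"
        print(f"{platform}: sudo-{vr}: {state}")
```
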