Sicherheit: Preisgabe von Informationen in sudo

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1631841233514504811==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="kthhF7S0aa0EgXB71pJRc376ogpua7GRl"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--kthhF7S0aa0EgXB71pJRc376ogpua7GRl
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2533-1
March 16, 2015

sudo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Sudo would allow unintended access to files.

Software Description:
- sudo: Provide limited super user privileges to specific users

Details:

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled
the TZ environment variable. An attacker with Sudo access could possibly
use this issue to open arbitrary files, bypassing intended permissions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
sudo 1.8.9p5-1ubuntu2.1
sudo-ldap 1.8.9p5-1ubuntu2.1

Ubuntu 14.04 LTS:
sudo 1.8.9p5-1ubuntu1.1
sudo-ldap 1.8.9p5-1ubuntu1.1

Ubuntu 12.04 LTS:
sudo 1.8.3p1-1ubuntu3.7
sudo-ldap 1.8.3p1-1ubuntu3.7

Ubuntu 10.04 LTS:
sudo 1.7.2p1-1ubuntu5.8
sudo-ldap 1.7.2p1-1ubuntu5.8

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2533-1
CVE-2014-9680

Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu2.1
https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.7
https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.8

--kthhF7S0aa0EgXB71pJRc376ogpua7GRl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVBt++AAoJEGVp2FWnRL6TgAsQAJ0p4PyPb2KknHgLOpPSUuuf
yhHK8chBKmBCo8ShXybwTQ+JH/WZpKv44fMXbQZr3GGZbEw+uAmcOqREE+dQ9r25
Q1VQUSqXLP9Gq0l7C/jeA6XOgsr6MD0Plz8yTWeCadu/cjObRCLHrwSfFvVMwgJC
zFS3bHc5wByvfwkcDzNbEiglUPYW27f00GZA67KYyVXoDu1r01JXdeGfapFYWsBk
Kbnz9Ol7MHfSLBdGik1Hy7BFVarw5VJApjGSlM9cyKoDhPfnodjwz3twPvQNRmAT
I3zVrbFOCNv93ecJRBdk1F+uSsPIp0xWseF6W96v42hxMbZzXVLVGnhY+63UUH/0
YIIxQs4NgIZJy91FoEOAjiruWDcnQcIU+UraMn6MDZJAyW9QY/62ESQhuh8PwUFG
EWu3ozy5Jgx0R0OocD88AUJj8jXz2BzUGW4dKSl6bNYxF7XM2xapieNCE1rsYW3S
RCxYLUysPJHTPIsAlRjwfX9xd6b1q4Tu3iWu83Qks8RgTwjumHasc/hNubhLJV4i
dzSieD/o0EE+YwP+5rWYLs1p/m2HBLsI1cCnMZgGn57tHWt2yUHAeIC37h0N2k8z
U7jk7gfH2FagVYKhZXc8j/ULMMA55pTF++kYmeqQ8SPTEz6tkjQ6KoBqOruBOg3y
X345iJsaJ1HtUDiqvKWM
=wYvN
-----END PGP SIGNATURE-----

--kthhF7S0aa0EgXB71pJRc376ogpua7GRl--

--===============1631841233514504811==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1631841233514504811==--