drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in sudo
Name: |
Preisgabe von Informationen in sudo |
|
ID: |
USN-2533-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
|
Datum: |
Mo, 16. März 2015, 18:53 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680 |
|
Applikationen: |
sudo |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1631841233514504811== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="kthhF7S0aa0EgXB71pJRc376ogpua7GRl"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --kthhF7S0aa0EgXB71pJRc376ogpua7GRl Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2533-1 March 16, 2015
sudo vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
Sudo would allow unintended access to files.
Software Description: - sudo: Provide limited super user privileges to specific users
Details:
Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: sudo 1.8.9p5-1ubuntu2.1 sudo-ldap 1.8.9p5-1ubuntu2.1
Ubuntu 14.04 LTS: sudo 1.8.9p5-1ubuntu1.1 sudo-ldap 1.8.9p5-1ubuntu1.1
Ubuntu 12.04 LTS: sudo 1.8.3p1-1ubuntu3.7 sudo-ldap 1.8.3p1-1ubuntu3.7
Ubuntu 10.04 LTS: sudo 1.7.2p1-1ubuntu5.8 sudo-ldap 1.7.2p1-1ubuntu5.8
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2533-1 CVE-2014-9680
Package Information: https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu2.1 https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu1.1 https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.7 https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.8
--kthhF7S0aa0EgXB71pJRc376ogpua7GRl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVBt++AAoJEGVp2FWnRL6TgAsQAJ0p4PyPb2KknHgLOpPSUuuf yhHK8chBKmBCo8ShXybwTQ+JH/WZpKv44fMXbQZr3GGZbEw+uAmcOqREE+dQ9r25 Q1VQUSqXLP9Gq0l7C/jeA6XOgsr6MD0Plz8yTWeCadu/cjObRCLHrwSfFvVMwgJC zFS3bHc5wByvfwkcDzNbEiglUPYW27f00GZA67KYyVXoDu1r01JXdeGfapFYWsBk Kbnz9Ol7MHfSLBdGik1Hy7BFVarw5VJApjGSlM9cyKoDhPfnodjwz3twPvQNRmAT I3zVrbFOCNv93ecJRBdk1F+uSsPIp0xWseF6W96v42hxMbZzXVLVGnhY+63UUH/0 YIIxQs4NgIZJy91FoEOAjiruWDcnQcIU+UraMn6MDZJAyW9QY/62ESQhuh8PwUFG EWu3ozy5Jgx0R0OocD88AUJj8jXz2BzUGW4dKSl6bNYxF7XM2xapieNCE1rsYW3S RCxYLUysPJHTPIsAlRjwfX9xd6b1q4Tu3iWu83Qks8RgTwjumHasc/hNubhLJV4i dzSieD/o0EE+YwP+5rWYLs1p/m2HBLsI1cCnMZgGn57tHWt2yUHAeIC37h0N2k8z U7jk7gfH2FagVYKhZXc8j/ULMMA55pTF++kYmeqQ8SPTEz6tkjQ6KoBqOruBOg3y X345iJsaJ1HtUDiqvKWM =wYvN -----END PGP SIGNATURE-----
--kthhF7S0aa0EgXB71pJRc376ogpua7GRl--
--===============1631841233514504811== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1631841233514504811==--
|
|
|
|