Security: Insufficient checking of environment variables in sudo
Name: Insufficient checking of environment variables in sudo
ID: SSA:2014-064-01
Distribution: Slackware
Platforms: Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37
Date: Thu, 6 March 2014, 08:51
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
Applications: sudo

Original message
[slackware-security] sudo (SSA:2014-064-01)
New sudo packages are available for Slackware 13.0, 13.1, and 13.37 to fix a security issue.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/sudo-1.7.10p8-i486-1_slack13.37.txz: Upgraded.
  This update fixes a security issue where if the env_reset option is disabled
  in the sudoers file, a malicious user with sudo permissions may be able to
  run arbitrary commands with elevated privileges by manipulating the
  environment of a command the user is legitimately allowed to run.
  For more information, see:
    http://www.sudo.ws/sudo/alerts/env_add.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
  (* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: sudo-1.7.10p8-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: sudo-1.7.10p8-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: sudo-1.7.10p8-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: sudo-1.7.10p8-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: sudo-1.7.10p8-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: sudo-1.7.10p8-x86_64-1_slack13.37.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg sudo-1.7.10p8-i486-1_slack13.37.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
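The advisory only applies where env_reset has been disabled in sudoers, so the first triage step is to find out whether any Defaults line does that. The following is an added example, not part of the Slackware advisory or of sudo itself: a small audit that reports the scopes in which env_reset ends up disabled. The sample sudoers text is constructed, and the script assumes "last setting per scope wins" and does not follow include directives.

```python
import re

# Constructed sample sudoers text for illustration; not taken from the advisory.
SAMPLE_SUDOERS = '''\
# site policy
Defaults env_reset, \\
         secure_path="/usr/sbin:/usr/bin,/opt/bin"
Defaults:alice !env_reset
#Defaults !env_reset
Defaults@buildhost !env_reset
Defaults@buildhost env_reset
%wheel ALL=(ALL) ALL
'''

# "Defaults" optionally followed, with no space, by a scope (:user @host >runas !cmnd).
DEFAULTS_RE = re.compile(r'^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<opts>.+)$')
# Split on commas that are not inside double quotes.
COMMA_RE = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')

def logical_lines(text):
    """Join backslash-continued lines and drop blank and comment lines."""
    joined = re.sub(r'\\\n', ' ', text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def env_reset_state(text):
    """Return {scope: bool} with the last env_reset setting seen per scope."""
    state = {'global': True}  # sudoers(5) documents env_reset as on by default
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        scope = m.group('scope') or 'global'
        for opt in COMMA_RE.split(m.group('opts')):
            opt = re.sub(r'\s+', '', opt)  # tolerate "! env_reset"
            if opt in ('env_reset', '!env_reset'):
                state[scope] = not opt.startswith('!')
    return state

def disabled_scopes(text):
    """Scopes where env_reset ends up disabled, i.e. the exposed configuration."""
    return sorted(s for s, on in env_reset_state(text).items() if not on)

if __name__ == '__main__':
    for scope in disabled_scopes(SAMPLE_SUDOERS):
        print('env_reset disabled for scope:', scope)
```

To audit a real host, pass the contents of the sudoers file and of each included file to `disabled_scopes()`; an empty result means no Defaults line in that text turns env_reset off.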