Fedora Legacy Test Update Notification: sudo

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Feb 17 21:27:35 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-162750
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162750
2006-02-17
---------------------------------------------------------------------

Name        : sudo
Versions    : rh7.3: sudo-1.6.5p2-2.3.legacy
Versions    : rh9: sudo-1.6.6-3.3.legacy
Versions    : fc1: sudo-1.6.7p5-2.3.legacy
Versions    : fc2: sudo-1.6.7p5-26.2.legacy
Summary     : Allows restricted root access for specified users.
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

---------------------------------------------------------------------
Update Information:

An updated sudo package is available that fixes a race condition in
sudo's pathname validation.

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root with logging.

A race condition bug was found in the way sudo handles pathnames. It is
possible that a local user with limited sudo access could create
a race condition that would allow the execution of arbitrary commands as
the root user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-1993 to this issue.

Users of sudo should update to this updated package, which contains a
backported patch and is not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Feb 13 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.5p2-2.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

rh9:
* Mon Feb 13 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.6-3.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

fc1:
* Wed Feb 15 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7p5-2.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

fc2:
* Thu Feb 16 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7p5-26.2.legacy
- Added missing libselinux-devel to BuildRequires

* Wed Feb 15 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.6.7p5-26.1.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
5eed8171a2be78f8a03de987b86220b1c8ecb9d4
redhat/7.3/updates-testing/i386/sudo-1.6.5p2-2.3.legacy.i386.rpm
f1fdc4b82456cf66f89764ec7f9c0909a0603805
redhat/7.3/updates-testing/SRPMS/sudo-1.6.5p2-2.3.legacy.src.rpm

rh9:
7a84e2d96bba56142ca8c6dec2603577e31b2072
redhat/9/updates-testing/i386/sudo-1.6.6-3.3.legacy.i386.rpm
4aca97be1c9e5f61efa1165955eb219fce3af70e
redhat/9/updates-testing/SRPMS/sudo-1.6.6-3.3.legacy.src.rpm

fc1:
4e7b55e41c355e51b4cdd3a820a6d5c94df43fdc
fedora/1/updates-testing/i386/sudo-1.6.7p5-2.3.legacy.i386.rpm
6843f6ee7792e8c63f1034107a4a4e464a613798
fedora/1/updates-testing/SRPMS/sudo-1.6.7p5-2.3.legacy.src.rpm

fc2:
954a6e7098b7e86e7bc1f1532a72f8a3dab32380
fedora/2/updates-testing/i386/sudo-1.6.7p5-26.2.legacy.i386.rpm
82c884d6bcff123dd510ffdb8a0d81ce63606364
fedora/2/updates-testing/SRPMS/sudo-1.6.7p5-26.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
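
Checking downloaded packages against the sha1sums listed above, as an added example that is not part of the original advisory or of Fedora Legacy's tooling. It assumes the advisory text is saved to a file and the packages sit under a local directory at the listed relative paths; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Fedora Legacy's tooling). Assumes the advisory text is
# saved to a file and the packages sit under ROOT at the listed relative paths.

# parse_sums ADVISORY: print "sha1<TAB>path" for every 40-hex-digit SHA-1 that
# is followed by an .rpm path on the same line or on the next one.
parse_sums() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if (length($i) == 40 && $i ~ /^[0-9a-f]+$/) {
                hash = $i
            } else {
                if (hash != "" && $i ~ /\.rpm$/) print hash "\t" $i
                hash = ""   # anything else breaks the hash/path pairing
            }
        }
    }' "$1"
}

# verify_sums ADVISORY ROOT: returns 0 only if every listed package is present
# and matches; 1 on any failure; 2 if the advisory held no checksums.
verify_sums() {
    advisory=$1; root=$2; status=0
    pairs=$(parse_sums "$advisory")
    if [ -z "$pairs" ]; then
        echo "no checksums found in $advisory" >&2
        return 2
    fi
    while IFS="$(printf '\t')" read -r want path; do
        case $path in
            /*|*..*) echo "REJECTED $path"; status=1; continue ;;  # stay under ROOT
        esac
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        got=$(sha1sum "$root/$path" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; status=1
        fi
    done <<EOF
$pairs
EOF
    return "$status"
}

# Usage: sh verify.sh advisory.txt /path/to/mirror
if [ "$#" -eq 2 ]; then verify_sums "$1" "$2"; fi
```

A match only ties the package to the copy of the advisory being read. The original mail carried an OpenPGP signature, which the list archive scrubbed, so the checksums are best taken from a copy whose signature can still be verified.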