List:       annvix-announce
Subject:    [announce] AVXSA-2005:016 security fixes
From:       vdanen () annvix ! org
Date:       2005-06-22 3:09:03
Message-ID: E1Dkvbr-0003eX-LA () build ! annvix ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                    Annvix Security Update Advisory
 _______________________________________________________________________

 Package name:           sudo
 Advisory ID:            AVXSA-2005:016
 Date:                   June 21st, 2005

 Affected versions:      1.0-RELEASE
 ______________________________________________________________________

 Problem Description:

 A race condition was discovered in sudo by Charles Morris.  This could
 lead to the escalation of privileges if /etc/sudoers allowed a user to
 execute selected programs and that entry was then followed by another
 line containing the pseudo-command "ALL".  By creating symbolic links
 at a certain time, that user could execute arbitrary commands.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1993
  http://www.sudo.ws/sudo/alerts/path_race.html
 ______________________________________________________________________

 Updated Packages:

 Annvix 1.0-RELEASE:
 dd5ed6826d370184b2f2d79ea7a539ff870baa75  1.0-RELEASE/SRPMS/sudo-1.6.8p2-1.1avx.src.rpm
 c0fb9ddf53cd05ddbae84b6bbc21598c44ae4d58  1.0-RELEASE/i586/sudo-1.6.8p2-1.1avx.i586.rpm
 0120961a60f11a3717263d25d500ffba832e497a  1.0-RELEASE/x86_64/sudo-1.6.8p2-1.1avx.x86_64.rpm
 _______________________________________________________________________

 All Annvix security advisories are available at:

   http://annvix.org/advisories/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCuDfmJnj1HmfyJpYRAhtaAJwPg5Q5R3a8CXnHTycrosIxE0apLgCdEf54
PG60hoUcopYvOF++8zwECdA=
=jevv
-----END PGP SIGNATURE-----

_______________________________________________
announce mailing list
announce@annvix.org
http://annvix.org/mailman/listinfo/announce
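
Added example (not part of the advisory or of sudo): a small check for the sudoers layout the Problem Description names, a restricted entry that a later line containing the "ALL" pseudo-command follows. The parser is a simplified assumption (simple "user host = commands" lines, aliases not expanded), the function names are hypothetical, and the sample sudoers text is constructed.

```python
import re

# Constructed sample sudoers content (not taken from the advisory).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
Cmnd_Alias BACKUP = /usr/bin/rsync
alice  ALL = /bin/ls, \\
             /usr/bin/less
bob    ALL = NOPASSWD: /usr/bin/id
root   ALL = (ALL) ALL
"""

SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
RUNAS = re.compile(r"\([^)]*\)")   # run-as specification such as (ALL)
TAG = re.compile(r"\b[A-Z_]+:")    # tags such as NOPASSWD:

def parse_entries(text):
    """Return [(lineno, user, [commands])] for simple 'user host = cmds' lines."""
    entries, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = n                      # first physical line of this entry
        if line.endswith("\\"):            # continuation: join with next line
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if not line or line.startswith("#") or SKIP.match(line) or "=" not in line:
            continue
        who, cmds = line.split("=", 1)
        cmds = TAG.sub("", RUNAS.sub("", cmds))
        entries.append((start, who.split()[0],
                        [c.strip() for c in cmds.split(",") if c.strip()]))
    return entries

def exposed_entries(text):
    """Restricted entries (no ALL command) that a later ALL entry follows."""
    entries = parse_entries(text)
    last_all = max((n for n, _, cmds in entries if "ALL" in cmds), default=0)
    return [(n, user) for n, user, cmds in entries
            if "ALL" not in cmds and n < last_all]

if __name__ == "__main__":
    for lineno, user in exposed_entries(SAMPLE_SUDOERS):
        print(f"line {lineno}: entry for {user} is followed by an ALL entry")
```

An empty result means no restricted entry precedes an ALL line in the text that was parsed; installing the updated packages listed above is still the fix.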
