sudo-1.7.2p1-6.AXS3
エラータID: AXSA:2010-243:03
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
Security issues fixed with this release:
CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for '.', which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Update packages.
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
N/A
SRPMS
- sudo-1.7.2p1-6.AXS3.src.rpm
MD5: d951734866aaa6e4b72c5b5b2f284e00
SHA-256: 97539df427a00eadf127269477267224801e5aceb1351e7bb9cb8cd181422080
Size: 785.59 kB
Asianux Server 3 for x86
- sudo-1.7.2p1-6.AXS3.i386.rpm
MD5: acaaa2548b78df5999bea30bde5834aa
SHA-256: a3c48610bf190d7e2569a6ff67247f38fb326b122b987b3ac5611ce071970a08
Size: 230.31 kB
Asianux Server 3 for x86_64
- sudo-1.7.2p1-6.AXS3.x86_64.rpm
MD5: c798a7ca2f5b5f79ade242f55a235fc7
SHA-256: f428f9458eb5dcee64ed82c168c2947c4aa199571aafcd47c44fe7b87155411f
Size: 236.27 kB
日本語