sudo-1.7.2p1-7.AXS3

エラータID: AXSA:2010-366:04

Release date: 
Friday, June 18, 2010 - 12:58
Subject: 
sudo-1.7.2p1-7.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
Security issues fixed with this release:
CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Solution: 

Update packages.

CVEs: 
CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.


Additional Info: 

N/A

Download: 

SRPMS
  1. sudo-1.7.2p1-7.AXS3.src.rpm
    MD5: dc0612beba7f6b1330e9a032f2aa861c
    SHA-256: 3967ccc477a09001d13fe1dbef185c94b8a7510fffe9753e21e7bd18b740dfa7
    Size: 786.77 kB

Asianux Server 3 for x86
  1. sudo-1.7.2p1-7.AXS3.i386.rpm
    MD5: dae5e28d048c71ab7840f456541b004f
    SHA-256: 9997c413e1f6e763b7acbde8e0cda67043256a20ac3d2948a28c586b96279ab9
    Size: 230.45 kB

Asianux Server 3 for x86_64
  1. sudo-1.7.2p1-7.AXS3.x86_64.rpm
    MD5: 3ee329b124b9a0ead6c957e34980be23
    SHA-256: 68eddc0b153e9c8a26d6b214d0de8256a47e6d824ccad1286ce76482bb3e0e76
    Size: 236.47 kB