sudo-1.7.2p1-8.AXS3
エラータID: AXSA:2010-437:05
Release date:
Wednesday, September 8, 2010 - 15:13
Subject:
sudo-1.7.2p1-8.AXS3
Affected Channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
Security issues fixed with this release:
CVE-2010-2956
No description available at the time of writing, see the link below.
Solution:
Update packages.
CVEs:
CVE-2010-2956
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Additional Info:
N/A
Download:
SRPMS
- sudo-1.7.2p1-8.AXS3.src.rpm
MD5: 77b8bee76dd7bee0e5f278b36f4ed842
SHA-256: efaf317aefa63a2e4b1e33dac7945119e48f437318150972086e8bbbc9ad7f95
Size: 787.71 kB
Asianux Server 3 for x86
- sudo-1.7.2p1-8.AXS3.i386.rpm
MD5: c863dd9a28e949d8c5b366a1faa31b46
SHA-256: afa20d59ea7468776ef9e4c452ffafe5a19d374704cc93d409ddab52221d5680
Size: 230.77 kB
Asianux Server 3 for x86_64
- sudo-1.7.2p1-8.AXS3.x86_64.rpm
MD5: 3aff1b04889fdd3facd7a822fb2e813e
SHA-256: 3f0601b8e2d92bc2560bb6a3400ca72177906503988d543f53eb8c0b967f0834
Size: 236.62 kB
日本語