sudo-1.8.6p3-12.AXS4
エラータID: AXSA:2014-027:01
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
Security issues fixed with this release:
• CVE-2013-1775
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
• CVE-2013-2776
udo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
• CVE-2013-2777
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to a standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Fixed bugs:
• sudo now supports netgroup filtering for sources from the SSSD. Previously, SSSD rules applied to all users, even those not part of the specified netgroup. They now only apply to users belonging to the specified netgroup.
• Previously, if both the soft (current) and hard (maximum) values of RLIMIT_NPROC were not limited, sudo would reset them to the parent's value of these limits. This has been fixed and RLIMIT_NPROC can now really be set to "unlimited".
• Restored the previous behaviour of sudo and the name of the user running the sudo command is now logged again, instead of "root".
• Fixed an error in a loop condition that sometimes triggered a buffer overflow.
Enhancements:
• sudo now sends debug messages about netgroup matching to the debug log.
• sudo now accepts the ipa_hostname value from the /etc/sssd/sssd.conf configuration file when matching netgroups.
Update packages.
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
N/A
SRPMS
- sudo-1.8.6p3-12.AXS4.src.rpm
MD5: a1fb14020f94b13e10f24de59dd249b2
SHA-256: 8697cb534d12ecc6efd32ca6b0048b0645fe0d0702f08a6205134eb571d4934c
Size: 1.83 MB
Asianux Server 4 for x86
- sudo-1.8.6p3-12.AXS4.i686.rpm
MD5: bce578b9a535ae7c29562fadfe8acc33
SHA-256: 37e17f35cbaef1c78598a99efd59b1b5dc7eb93574029332ef915c72bce333db
Size: 695.53 kB
Asianux Server 4 for x86_64
- sudo-1.8.6p3-12.AXS4.x86_64.rpm
MD5: cdad31f00111b9ec98b3486a7c55eeb2
SHA-256: 03b5fee200177de326b2f6e2882f2880ba5126874a72e50b637c3ab48af71c61
Size: 702.89 kB