Date: Mon, 26 Feb 2001 13:23:08 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [CLA-2001:381] Conectiva Linux Security Announcement -
sudo
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : sudo
SUMMARY : Local buffer overflow
DATE : 2001-02-26 13:22:00
ID : CLA-2001:381
RELEVANT
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1, 6.0
DESCRIPTION
"sudo" is a program used to delegate superuser privileges to
ordinary users and only for specific commands. There is a buffer
overflow vulnerability in sudo which could be used by an attacker
to obtain higher privileges.
SOLUTION
All sudo users should upgrade the package.
The problem was reported in sudo's bugzilla by
chris@camcom.co.uk and the author, Todd C. Miller, released an
updated version.
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to
perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):