ELSA-2013-1353

Published: 02 Oct 2013
Source: oracle-oval
Platform: Oracle Linux 5

Description

ELSA-2013-1353: sudo security and bug fix update (LOW)

[1.7.2p1-28]

  • backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777
    Resolves: rhbz#968221

[1.7.2p1-27]

  • visudo: fixed incorrect warning and parse error regarding undefined aliases which were in fact defined
    Resolves: rhbz#849679
    Resolves: rhbz#905624

[1.7.2p1-26]

  • updated sudoers man-page to clarify the behavior of the user negation operator and the behavior of wildcard matching in command specifications
    Resolves: rhbz#846118
    Resolves: rhbz#856902

[1.7.2p1-25]

  • fixed regression in escaping of sudo -i arguments
    Resolves: rhbz#853203

[1.7.2p1-24]

  • bump release number

[1.7.2p1-23]

  • Fixed caching of user and group names
  • Backported RFC 4515 escaping of LDAP queries
    Resolves: rhbz#855836
    Resolves: rhbz#869287

Updated packages

Oracle Linux 5

Oracle Linux ia64: sudo 1.7.2p1-28.el5
Oracle Linux x86_64: sudo 1.7.2p1-28.el5
Oracle Linux i386: sudo 1.7.2p1-28.el5

Related vulnerabilities

oracle-oval
more than 11 years ago

ELSA-2013-1701: sudo security, bug fix and enhancement update (LOW)

ubuntu
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

redhat
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

nvd
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

debian
more than 12 years ago

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ...