[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation

On Fri, Jan 20, 2006 at 11:24:04AM +0100, Martin Schulze wrote:
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 946-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> January 20th, 2006                        http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : sudo
> Vulnerability  : missing input sanitising
> Problem type   : local
> Debian-specific: no
> CVE IDs        : CVE-2005-4158 CVE-2006-0151
> Debian Bug     : 342948
> 
> For unstable
> "Defaults = env_reset" need to be addeed to /etc/sudoers manually.

Why is this only necessary on unstable systems? The security update
doesn't seem to add this on stable systems automatically, so it might
be necessary to manually add this on stable and testing as well.

Please advise. Thanks.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
Reply to: