
Re: squeeze update of sudo?



On Mon, 23 Feb 2015 11:48:35 +0100
Raphael Hertzog <hertzog@debian.org> wrote:

> Hello dear maintainer(s),
> 
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of your package:
> https://security-tracker.debian.org/tracker/CVE-2014-9680
> https://security-tracker.debian.org/tracker/CVE-2014-0106
> (the latter has been ignored up-to-now but since we have to
> prepare an update, we might as well include the fix in this update)

Fix for CVE-2014-9680.

marko@debian:~$ echo moo > tz
marko@debian:~$ chmod 0 tz
marko@debian:~$ cat tz
cat: tz: Permission denied
marko@debian:~$ TZ=$PWD/tz sudo -u root strace -e read date
sudo: strace: command not found
marko@debian:~$ TZ=$PWD/tz sudo -u root strace -e read date
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220!\0\0\0\0\0\0"..., 832) = 832
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\357\1\0\0\0\0\0"..., 832) = 832
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\\\0\0\0\0\0\0"..., 832) = 832
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"..., 4096) = 1931
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"..., 4096) = 1230
Thu Feb 26 15:25:44 CET 2015

Best regards

-- 
http://markorandjelovic.hopto.org

One should not be afraid of humans.
Well, I am not afraid of humans, but of what is inhuman in them.
    Ivo Andric, "Signs near the travel-road"

Attachment: sudo_1.7.4p4-2.squeeze.5.debian.tar.gz
Description: GNU Zip compressed data

Attachment: sudo_1.7.4p4-2.squeeze.5.dsc
Description: Binary data

