Fedora Legacy Test Update Notification: sudo

[Marc Deslauriers]

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2291
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2291
2005-03-07
---------------------------------------------------------------------

Name        : sudo
Versions    : rh7.3: sudo-1.6.5p2-2.2.legacy
Versions    : rh9: sudo-1.6.6-3.2.legacy
Versions    : fc1: sudo-1.6.7p5-2.2.legacy
Summary     : Allows restricted root access for specified users.
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

---------------------------------------------------------------------
Update Information:

Updated sudo packages that fix a security issue are now available.

Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments.

A flaw in exists in sudo's environment sanitizing prior to sudo version
1.6.8p2 that could allow a malicious user with permission to run a shell
script that utilized the bash shell to run arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1051 to this issue.

Users of sudo are advised to upgrade to these errata packages, which
contain a patch correcting this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Mar 06 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1.6.5p2-2.2.legacy
- Added missing groff to BuildRequires

* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi> 1.6.5p2-2.1.legacy
- Fix CAN-2004-1051 (#2291) with patch from Debian.

rh9:
* Sun Mar 06 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1.6.6-3.2.legacy
- Added missing groff to BuildRequires

* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi> 1.6.6-3.1.legacy
- Fix CAN-2004-1051 (#2291) with patch from Debian.

fc1:
* Sun Mar 06 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1.6.7p5-2.2.legacy
- Added missing groff to BuildRequires

* Tue Dec 21 2004 Pekka Savola <pekkas at netcore.fi> 1.6.7p5-2.1.legacy
- Fix CAN-2004-1051 (#2291) with patch from Debian.

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
19c703b635c9e4299d39b60d9cd16d750a4f6d89 
redhat/7.3/updates-testing/i386/sudo-1.6.5p2-2.2.legacy.i386.rpm
9225335d8ca64ca7e1cb1fd98a09a9821ab9b0d8 
redhat/7.3/updates-testing/SRPMS/sudo-1.6.5p2-2.2.legacy.src.rpm

rh9:
73e1ce58ba8f6c211da4271d8f7a792aa01acba2 
redhat/9/updates-testing/i386/sudo-1.6.6-3.2.legacy.i386.rpm
4a9c1de46d43694ec94688cfc021ade0dc0b1678 
redhat/9/updates-testing/SRPMS/sudo-1.6.6-3.2.legacy.src.rpm

fc1:
a990c5c070acd9ae8c50181487f2f9cdacb38378 
fedora/1/updates-testing/i386/sudo-1.6.7p5-2.2.legacy.i386.rpm
fe6b14daf1f5190e7d39625d6048bb415ba8851c 
fedora/1/updates-testing/SRPMS/sudo-1.6.7p5-2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050307/88d98df1/attachment.sig>