| Summary: | app-admin/sudo <1.7.0 Privilege escalation due to incorrect check for user's group (CVE-2009-0034) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | flameeyes, fmccor |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.novell.com/show_bug.cgi?id=468923 | | |
| Whiteboard: | A1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2009-01-28 14:05:52 UTC
Diego, sudo 1.7.0 is unaffected by this. It's your call whether to patch 1.6.9 or stable the new upstream version.

I call for stable on 1.7.0 then. [geez that sounded like a tabletop rpg :P]

Arches, please test and mark stable:
=app-admin/sudo-1.7.0
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Sparc stable.

This has been assigned CVE-2009-0034, details can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0034

ppc64 done

+ 29 Jan 2009; <chainsaw@gentoo.org> sudo-1.7.0.ebuild:
+ Marked stable on AMD64 for security bug #256633, tested on a Core2 Duo
+ laptop.

JeR conjures an HPPA Stable Spell.

x86 stable

Stable on alpha.

ppc stable

GLSA request filed.

arm/ia64/s390/sh stable

GLSA 200902-01, don't know why it was still open...