| Summary: | <app-admin/sudo-1.8.3_p2 : format string vulnerability (CVE-2012-0809) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | alex, base-system, henri, hiyuh.root, kfm |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.sudo.ws/sudo/alerts/sudo_debug.html | | |
| Whiteboard: | A1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2012-01-30 15:40:43 UTC

1.8.3_p2 now in the tree

(In reply to comment #1)
> 1.8.3_p2 now in the tree

Thanks Mike. Arches, please test and mark stable: =app-admin/sudo-1.8.3_p2 Target KEYWORDS : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

amd64 stable

x86 stable

Stable for HPPA.

ppc done

alpha/arm/ia64/m68k/s390/sh/sparc stable

CVE-2012-0809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0809): Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

ppc64 done

Thanks, everyone. Already on existing GLSA draft.

This issue was resolved and addressed in GLSA 201203-06 at http://security.gentoo.org/glsa/glsa-201203-06.xml by GLSA coordinator Sean Amoss (ackle).
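
The bug class named in the CVE text above (a program name reaching the format argument of a printf-family call), as an added illustration that is not part of this bug report and is not sudo's source code. The helper names and the sample program name are constructed for the example; the unsafe helper only builds the format string so it can be inspected, while the safe helper shows the name treated strictly as data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical helpers for illustration; not sudo's source code. */

/* UNSAFE pattern: the program name is pasted into the format string, so any
 * '%' in it becomes a conversion specifier. The result is only inspected
 * here, never handed to a printf-family function. */
int build_format_unsafe(char *out, size_t n, const char *progname, const char *fmt)
{
    return snprintf(out, n, "%s: %s\n", progname, fmt);
}

/* Count conversion specifiers in a format string ("%%" is a literal '%'). */
int count_directives(const char *fmt)
{
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') p++;   /* escaped percent sign */
            else count++;
        }
    }
    return count;
}

/* SAFE pattern: the program name is only data for a fixed "%s"; the caller's
 * format is expanded separately against its own arguments. */
int debug_format_safe(char *out, size_t n, const char *progname, const char *fmt, ...)
{
    va_list ap;
    int used = snprintf(out, n, "%s: ", progname);
    if (used < 0 || (size_t)used >= n)
        return -1;
    va_start(ap, fmt);
    int rest = vsnprintf(out + used, n - (size_t)used, fmt, ap);
    va_end(ap);
    return (rest < 0 || (size_t)rest >= n - (size_t)used) ? -1 : used + rest;
}

int main(void)
{
    const char *progname = "prog%sname%d";   /* constructed sample argv[0] */
    char buf[256];
    build_format_unsafe(buf, sizeof buf, progname, "settings: %s=%s");
    printf("unsafe: %d directives, caller passed 2 arguments\n", count_directives(buf));
    debug_format_safe(buf, sizeof buf, progname, "settings: %s=%s", "debug_level", "9");
    printf("safe:   %s\n", buf);
}
```

A mismatch between the directive count of the composed format and the number of arguments the caller supplied is the signal to look for in review; compiling with `-Wformat -Wformat-security` flags many non-literal format arguments of this kind.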