===========================================================
Ubuntu Security Notice USN-213-1           October 28, 2005
sudo vulnerability
CVE-2005-2959
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

sudo

The problem can be corrected by upgrading the affected package to
version 1.6.7p5-1ubuntu4.3 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.2 (for
Ubuntu 5.04), or 1.6.8p9-2ubuntu2.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy discovered a privilege escalation vulnerability in sudo.
On executing shell scripts with sudo, the "PS4" and "SHELLOPTS"
environment variables were not cleaned properly. If sudo is set up to
grant limited sudo privileges to normal users, this could be exploited
to run arbitrary commands as the target user.

Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3.diff.gz
      Size/MD5:    21082 c81698c37a6dabb9eccf9d9c4a0b48e9
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3.dsc
      Size/MD5:      585 dfd36c233ae8bfb0b16d6995683c4bb6
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5.orig.tar.gz
      Size/MD5:   349785 55d503e5c35bf1ea83d38244e0242aaf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_amd64.deb
      Size/MD5:   156228 ea32212dcf00d19b65df967cf16d7138

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_i386.deb
      Size/MD5:   145676 f04e61af4af0740dbd21f8365be2005e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_powerpc.deb
      Size/MD5:   153246 70cf540392b2fa601564cfb1a2b3b1e7

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2.diff.gz
      Size/MD5:    24513 1a6fa0bf72bdc96cd873c10d2607c470
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2.dsc
      Size/MD5:      585 6b50f803e5627991dc92846244e7ae08
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5.orig.tar.gz
      Size/MD5:   584832 03538d938b8593d6f1d66ec6c067b5b5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_amd64.deb
      Size/MD5:   170356 3c158ee2844029be088446f6a58b0aae

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_i386.deb
      Size/MD5:   158662 5c72a5a138b401fe03d164ae6a454bd3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_powerpc.deb
      Size/MD5:   165390 831a1b3806ec0e2ebd4429cf0334dd4e

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1.diff.gz
      Size/MD5:    21867 259154beb440d8162588bbf30d697d98
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1.dsc
      Size/MD5:      585 8439503439e0bc52951aa0b71c93904f
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9.orig.tar.gz
      Size/MD5:   585509 6d0346abd16914956bc7ea4f17fc85fb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_amd64.deb
      Size/MD5:   172296 0e01662adeada9a1a20431f576059f05

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_i386.deb
      Size/MD5:   158766 f3858eb968eaa1ae295d39cfe3e4e7d0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_powerpc.deb
      Size/MD5:   166862 84538e98f7e7bb93a37fa228e55a7fb5