sudo version 1.6.8p1 has been released to address a security flaw in sudoedit that could give a malicious user read access to file that would normally be unreadable.
efab4b67cba3f43b49749ab3f9feff2c10711daa2901a428c6afc8c3591c8f21
---------- Forwarded message ----------
Date: Thu, 16 Sep 2004 13:13:05 -0600
From: Todd C. Miller <Todd.Miller@courtesan.com>
To: sudo-announce@sudo.ws
Subject: [sudo-announce] Sudo version 1.6.8p1 now available
Sudo version 1.6.8, patchlevel 1 is now available. It includes a
fix for a security flaw in sudoedit that could give a malicious
user read access to file that would normally be unreadable. See
http://www.sudo.ws/sudo/alerts/sudoedit.html for more details.
Major changes since Sudo 1.6.8:
o Sudoedit now re-opens the temp file as the invoking user
and will only open regular files.
o Better detection of unchanged files in sudoedit.
o The path to ldap.conf is now configurable.
o Added SSL tls_* certificate checking options when using LDAP.
o The sample pam config file has been updated.
Commercial support is now available for Sudo. If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted for.
You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html
Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community. Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo.
You may recall news of a patent recently awarded to MicroSoft that
some people have said covers Sudo. After reading through the patent
and conferring with several people I don't believe it covers Sudo
as it exists now since the patent appears to cover a persistent
daemon process. However, the patent does seem overly broad and
could restrict future Sudo development so I am collecting prior
art in the hopes of having the patent re-evaluated. If you have
examples of prior art, please contact me with details.
Master Web Site:
http://www.sudo.ws/sudo/
Web Site Mirrors:
http://sudo.stikman.com/ (Los Angeles, California, USA)
http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
http://www.signal42.com/mirrors/sudo_www/ (USA)
http://sudo.xmundo.net/ (Argentina)
http://sudo.planetmirror.com/ (Australia)
http://sunshine.lv/sudo/ (Latvia)
http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
http://sudo.cdu.elektra.ru/ (Russia)
http://sudo.nctu.edu.tw/ (Taiwan)
FTP Mirrors:
ftp://anonopenbsd.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
ftp://ftp.ujf-grenoble.fr/sudo/ (France)
ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
HTTP Mirrors:
http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
http://probsd.org/sudoftp/ (East Coast, USA)
http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed