Mageia alert MGASA-2013-0078 (sudo)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0078: sudo-1.8.3p2-2.1.mga2 (2/core)
Date:  Fri, 1 Mar 2013 22:28:31 +0100
Message-ID:  <20130301212831.GA28685@valstar.mageia.org>

MGASA-2013-0078

Date: March 1st, 2013
Affected releases: 2
Media: Core

Description:
Updated sudo packages fix security vulnerabilities:

Marco Schoepl discovered that Sudo incorrectly handled time stamp files
when the system clock is set to epoch. A local attacker could use this
issue to run Sudo commands without a password prompt (CVE-2013-1775).

Sudo before 1.8.6p7 allows a malicious user to run commands via sudo
without authenticating, so long as there exists a terminal the user has
access to where a sudo command was successfully run by that same user
within the password timeout period (usually five minutes) (CVE-2013-1776).

Updated Packages:
i586:
sudo-1.8.3p2-2.1.mga2.i586.rpm
sudo-devel-1.8.3p2-2.1.mga2.i586.rpm
sudo-debug-1.8.3p2-2.1.mga2.i586.rpm

x86_64:
sudo-1.8.3p2-2.1.mga2.x86_64.rpm
sudo-devel-1.8.3p2-2.1.mga2.x86_64.rpm
sudo-debug-1.8.3p2-2.1.mga2.x86_64.rpm

SRPMS:
sudo-1.8.3p2-2.1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://www.sudo.ws/sudo/alerts/tty_tickets.html
http://www.ubuntu.com/usn/usn-1754-1/
https://bugs.mageia.org/show_bug.cgi?id=9207
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds