Debian alert DLA-1011-1 (sudo)

From:
    	       Antoine Beaupré <anarcat@debian.org> 
To:
    	       debian-lts-announce@lists.debian.org 
Subject:
    	       [SECURITY] [DLA 1011-1] sudo security update 
Date:
    	       Mon, 3 Jul 2017 11:30:21 -0400
Message-ID:
    	       <20170703153021.luttrkccgcy4arrq@curie.anarc.at>
Package        : sudo
Version        : 1.8.5p2-1+nmu3+deb7u4
CVE ID         : CVE-2017-1000368
Debian Bug     : 863897

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an
input validation (embedded newlines) in the get_process_ttyname()
function resulting in information disclosure and command execution.

The previous announcement (DLA-970-1) was about a similar security
issue (CVE-2017-1000367) which wasn't completely fixed.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.5p2-1+nmu3+deb7u4.

We recommend that you upgrade your sudo packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

From:		Antoine Beaupré <anarcat@debian.org>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 1011-1] sudo security update
Date:		Mon, 3 Jul 2017 11:30:21 -0400
Message-ID:		<20170703153021.luttrkccgcy4arrq@curie.anarc.at>