Hallo Frau Carstens, sind wir da auf dem aktuellen Stand ? Sonst bitte bei n�chster Wartungsaufgabe mit machen.
--- Andreas Hellmer - [EMAIL PROTECTED] Hamburger Pensionsverwaltung eG MS> -----BEGIN PGP SIGNED MESSAGE----- MS> Hash: SHA1 MS> - -------------------------------------------------------------------------- MS> Debian Security Advisory DSA 596-1 [EMAIL PROTECTED] MS> http://www.debian.org/security/ Martin Schulze MS> November 24th, 2004 http://www.debian.org/security/faq MS> - -------------------------------------------------------------------------- MS> Package : sudo MS> Vulnerability : missing input sanitising MS> Problem-Type : local MS> Debian-specific: no MS> CVE ID : CAN-2004-1051 MS> Debian Bug : 281665 MS> Liam Helmer noticed that sudo, a program that provides limited super MS> user privileges to specific users, does not clean the environment MS> sufficiently. Bash functions and the CDPATH variable are still passed MS> through to the program running as privileged user, leaving MS> possibilities to overload system routines. These vulnerabilities can MS> only be exploited by users who have been granted limited super user MS> privileges. MS> For the stable distribution (woody) these problems have been fixed in MS> version 1.6.6-1.2. MS> For the unstable distribution (sid) these problems have been fixed in MS> version 1.6.8p3. MS> We recommend that you upgrade your sudo package. MS> Upgrade Instructions MS> - -------------------- MS> wget url MS> will fetch the file for you MS> dpkg -i file.deb MS> will install the referenced file. MS> If you are using the apt-get package manager, use the line for MS> sources.list as given below: MS> apt-get update MS> will update the internal database MS> apt-get upgrade MS> will install corrected packages MS> You may use an automated update by adding the resources from the MS> footer to the proper configuration. MS> Debian GNU/Linux 3.0 alias woody MS> - -------------------------------- MS> Source archives: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2.dsc MS> Size/MD5 checksum: 587 b4750887bf910de5d8bc4d4ef3f71b3b MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2.diff.gz MS> Size/MD5 checksum: 12251 e138445e17adf6eec25035bb8c1ef0c9 MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz MS> Size/MD5 checksum: 333074 4da4bf6cf31634cc7a17ec3b69fdc333 MS> Alpha architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_alpha.deb MS> Size/MD5 checksum: 151386 841c5cfa5405fbef08d95fb7fcd50364 MS> ARM architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_arm.deb MS> Size/MD5 checksum: 141442 46d1faa34df223b014c3131879ccadff MS> Intel IA-32 architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_i386.deb MS> Size/MD5 checksum: 135076 687519f374ef803d532e1a2c966322a6 MS> Intel IA-64 architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_ia64.deb MS> Size/MD5 checksum: 172442 8e0f391e39197f7911069210dae06da7 MS> HP Precision architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_hppa.deb MS> Size/MD5 checksum: 147512 b32938d0bf2d681b4556c64d7071187a MS> Motorola 680x0 architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_m68k.deb MS> Size/MD5 checksum: 132698 63860473eb387086c4474acc395ff96e MS> Big endian MIPS architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mips.deb MS> Size/MD5 checksum: 144380 c1ffef369f073099d84704f24e2252f1 MS> Little endian MIPS architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mipsel.deb MS> Size/MD5 checksum: 144250 bdb34c5adaf5562908d6df4517bf0cd3 MS> PowerPC architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_powerpc.deb MS> Size/MD5 checksum: 140566 ff92e82812ef08d35b51239099efaca3 MS> IBM S/390 architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_s390.deb MS> Size/MD5 checksum: 140222 f327c3436a5a103b1d028dc2e045c226 MS> Sun Sparc architecture: MS> http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_sparc.deb MS> Size/MD5 checksum: 143004 6c4300c125317a6faf9e154803552485 MS> These files will probably be moved into the stable distribution on MS> its next update. MS> - --------------------------------------------------------------------------------- MS> For apt-get: deb http://security.debian.org/ stable/updates main MS> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main MS> Mailing list: [EMAIL PROTECTED] MS> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> MS> -----BEGIN PGP SIGNATURE----- MS> Version: GnuPG v1.2.5 (GNU/Linux) MS> iD8DBQFBpHn2W5ql+IAeqTIRAsbeAJ93UCDKx39/3F123rZPt4B+CpYN5wCcD01g MS> heOiCeKmYQUJoqWasNWbWB0= MS> =qta2 MS> -----END PGP SIGNATURE-----
