FAMOUS JAMES! On 9 March 2013 08:35, Michael Gilbert <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2642-1 [email protected] > http://www.debian.org/security/ Michael Gilbert > March 09, 2013 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : sudo > Vulnerability : several issues > Problem type : remote > Debian-specific: no > CVE ID : CVE-2013-1775 CVE-2013-1776 > Debian Bug : 701838 701839 > > Several vulnerabilities have been discovered in sudo, a program designed > to allow a sysadmin to give limited root privileges to users. The Common > Vulnerabilities and Exposures project identifies the following problems: > > CVE-2013-1775 > > Marco Schoepl discovered an authentication bypass when the clock is > set to the UNIX epoch [00:00:00 UTC on 1 January 1970]. > > CVE-2013-1776 > > Ryan Castellucci and James Ogden discovered aspects of an issue that > would allow session id hijacking from another authorized tty. > > For the stable distribution (squeeze), these problems have been fixed in > version 1.7.4p4-2.squeeze.4. > > For the testing (wheezy) and unstable (sid) distributions, these problems > have been fixed in version 1.8.5p2-1+nmu1. > > We recommend that you upgrade your sudo packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQEcBAEBAgAGBQJROvQlAAoJEFb2GnlAHawEXIcH/0cASxNsRL3Y9on8brvEnpah > 0B9qQ1NY9pzEQLzdQjQ/rJpzb/wK46Cx3aI6XpTxy9AbDNiQPgjxujbcQDtNNWQU > OYsQl0O77qhPs42v2TAGEnNoVtrsdiWNSIAwV4YOz3H/gc/Q8z3awpsvx8DjT+Q3 > mO23mQ1ukHivwfPam5l4FegCGM4sZhZjetiRb9zjVKtpDvZpD1SEUfGU+sb/CZ8s > 622vJ7zGBGF1tbeY2ff2JPG7t7QWXx4KDNLup9yA4CqZzUYZEX6k8j7ATS8VvZQk > XhSiWDldVYgeO/uZlO1jRSZLB0XCJLp9UEqNxBxwKyjPVl5kIORzC1hljpJKeHY= > =Czjn > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/[email protected] >
-- Martin Gleadow Systems Manager Technophobia Ltd, Velocity House, 3 Solly Street, Sheffield S1 4DE t: +44 (0)114 2212123 e: [email protected] w: http://www.technophobia.com http://twitter.com/WeTechnophobia Part of Capita plc: www.capita.co.uk Registered in England and Wales Company No. 3063669 VAT registration No. 618 1841 40 ISO 9001:2008 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not Technophobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of Technophobia, are recorded for monitoring purposes. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/cajeoypr332c06fcem281ykks+afuia2bwmcogpjd6akb__0...@mail.gmail.com
