On 2013-11-02, Cybe R. Wizard <cybe_r_wiz...@earthlink.net> wrote: >> http://www.sudo.ws/sudo/alerts/sudo_debug.html >> >> Impact: Successful exploitation of the bug will allow a user to run >> arbitrary commands as root. >> >> Exploitation of the bug does not require that the attacker be listed >> in the sudoers file. As such, we strongly suggest that affected sites >> upgrade from affected sudo versions as soon as possible. >> > How valid is that considering that Wheezy is using sudo > version 1.8.5p2-1+nmu1 ? May I assume that there are still a lot of > non-upgraded machines out there? Maybe best advice would be to upgrade > their whole Debian.
I thought we were talking about people running "unpatched" sudos in distros where the program isn't included in the official repositories of packages and therefore gets no security updates (or something)? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrnl7ad5p.37q.cu...@einstein.electron.org
