On 2/3/21 12:13 PM, Tree Davies via lfs-dev wrote:
> Hi Everyone,
>
> Just wanted to mention according to the article BLFS is using a
> vulnerable version of Sudo (1.9.2).
>
> Although I haven't been able to repro it... Has anyone else been
> successful?
>
> Cheers,
> Tree
>
> https://frontpagelinux.com/news/sudo-vulnerability-discovered-how-to-protect-your-system-from-baron-samedit/
> http://www.linuxfromscratch.org/blfs/view/stable-systemd/postlfs/sudo.html

Hi Tree,

sudo-1.9.5p2 is in BLFS SVN, and we've got an errata published here:

http://linuxfromscratch.org/blfs/errata/10.0-systemd/

"After release, multiple security vulnerabilities were discovered in
Sudo before 1.9.5p2. One of these allows for an unprivileged user to
gain root access via the sudoedit command. To fix these vulnerabilities,
update to Sudo-1.9.5p2 or later using the instructions in sudo-1.9.5p2
<http://linuxfromscratch.org/blfs/view/systemd/postlfs/sudo.html>."

To update to sudo-1.9.5p2, use the instructions located here:

http://linuxfromscratch.org/blfs/view/systemd/postlfs/sudo.html

- Doug
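
The errata's "before 1.9.5p2" threshold can be checked against an installed version string without attempting a reproduction. The following is an added example, not part of the thread or of BLFS; the function names are hypothetical, and it assumes the first line of `sudo -V` reads `Sudo version X.Y.Z[pN]`.

```shell
#!/bin/sh
# Added example: compare a sudo version string with the fixed release
# named in the BLFS errata. Only the 1.9.5p2 threshold comes from the page.
FIXED_VERSION="1.9.5p2"

# Read `sudo -V` output on stdin and print the version from its first line.
extract_version() {
    sed -n '1s/^Sudo version //p'
}

# Turn "MAJOR.MINOR.PATCH[pN]" into four numbers ("1.9.2" -> "1 9 2 0").
# Prints nothing for any other shape (beta/rc builds, vendor suffixes).
split_version() {
    printf '%s\n' "$1" | sed -n -E \
        -e 's/^([0-9]+\.[0-9]+\.[0-9]+)$/\1p0/' \
        -e 's/^([0-9]+)\.([0-9]+)\.([0-9]+)p([0-9]+)$/\1 \2 \3 \4/p'
}

# Exit status: 0 = older than the fixed release, 1 = fixed or newer,
# 2 = version string not understood (treat as "check by hand").
sudo_needs_update() {
    have=$(split_version "$1")
    want=$(split_version "$FIXED_VERSION")
    [ -n "$have" ] || return 2
    # Intentional word splitting: $1-$4 installed, $5-$8 fixed release.
    set -- $have $want
    if   [ "$1" -ne "$5" ]; then [ "$1" -lt "$5" ]
    elif [ "$2" -ne "$6" ]; then [ "$2" -lt "$6" ]
    elif [ "$3" -ne "$7" ]; then [ "$3" -lt "$7" ]
    else [ "$4" -lt "$8" ]
    fi
}

# Constructed sample version strings, not taken from any real host.
for v in 1.9.2 1.9.5p1 1.9.5p2 1.9.10 1.9.0rc1; do
    rc=0
    sudo_needs_update "$v" || rc=$?
    case $rc in
        0) echo "$v: older than $FIXED_VERSION, update" ;;
        1) echo "$v: $FIXED_VERSION or later" ;;
        *) echo "$v: unrecognised version format, check manually" ;;
    esac
done
```

On a live system the input would be `sudo_needs_update "$(sudo -V | extract_version)"`.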