[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:27162] [SECURITY] [DSA-031-1] New version of sudo released (from debian-security-announce@lists.debian.org)



# システムができるまで、とりあえず。

概要だけ。potato用sudoにrootを取れるかもしれない
バッファオーバーフローバグが発見され、修正版が出ました。
アップグレードしてください、とのこと。

debian-security-announce@lists.debian.orgからの情報です。原文は、
http://lists.debian.org/debian-security-announce-01/msg00025.html
で読めるようになるはずです。Web版は、
http://www.debian.org/security/2001/dsa-031
になるでしょう(現時点では両方ともありません)。

以下、引用。

From: mstone@xxxxxxxxxxxxxxxxxx (Michael Stone)
Subject: [SECURITY] [DSA-031-1] New version of sudo released
Date: Wed, 28 Feb 2001 07:32:31 -0500 (EST)
> - ----------------------------------------------------------------------------
> Debian Security Advisory DSA-031-1                       security@debian.org
> http://www.debian.org/security/                                Michael Stone
> February 28, 2001
> - ----------------------------------------------------------------------------
> 
> Package: sudo
> Vulnerability: buffer overflow
> Debian-specific: no
> 
> Todd Miller announced a new version of sudo which corrects a buffer
> overflow that could potentially be used to gain root privilages on the
> local system. The fix from sudo 1.6.3p6 is available in sudo
> 1.6.2p2-1potato1 for Debian 2.2 (potato).
> 
> We recommend you upgrade your sudo package immediately.
> 
> wget url
> 	will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
(略)
> - ----------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
(略)
-- 
喜瀬“冬猫”浩@南国沖縄