lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040916212307.H57610@fireball.sekure.net>
Date: Thu, 16 Sep 2004 21:23:21 +0200 (CEST)
From: je@...ure.net
To: bugtraq@...urityfocus.com
Subject: [sudo-announce] Sudo version 1.6.8p1 now available (fwd)



---------- Forwarded message ----------
Date: Thu, 16 Sep 2004 13:13:05 -0600
From: Todd C. Miller <Todd.Miller@...rtesan.com>
To: sudo-announce@...o.ws
Subject: [sudo-announce] Sudo version 1.6.8p1 now available

Sudo version 1.6.8, patchlevel 1 is now available.  It includes a
fix for a security flaw in sudoedit that could give a malicious
user read access to file that would normally be unreadable.  See
http://www.sudo.ws/sudo/alerts/sudoedit.html for more details.

Major changes since Sudo 1.6.8:

 o Sudoedit now re-opens the temp file as the invoking user
   and will only open regular files.

 o Better detection of unchanged files in sudoedit.

 o The path to ldap.conf is now configurable.

 o Added SSL tls_* certificate checking options when using LDAP.

 o The sample pam config file has been updated.

Commercial support is now available for Sudo.  If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted for.

You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html

Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community.  Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo.

You may recall news of a patent recently awarded to MicroSoft that
some people have said covers Sudo.  After reading through the patent
and conferring with several people I don't believe it covers Sudo
as it exists now since the patent appears to cover a persistent
daemon process.  However, the patent does seem overly broad and
could restrict future Sudo development so I am collecting prior
art in the hopes of having the patent re-evaluated.  If you have
examples of prior art, please contact me with details.

Master Web Site:
    http://www.sudo.ws/sudo/

Web Site Mirrors:
    http://sudo.stikman.com/ (Los Angeles, California, USA)
    http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
    http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
    http://www.signal42.com/mirrors/sudo_www/ (USA)
    http://sudo.xmundo.net/ (Argentina)
    http://sudo.planetmirror.com/ (Australia)
    http://sunshine.lv/sudo/ (Latvia)
    http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
    http://sudo.cdu.elektra.ru/ (Russia)
    http://sudo.nctu.edu.tw/ (Taiwan)

FTP Mirrors:
    ftp://anonopenbsd.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
    ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
    ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
    ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
    ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
    ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
    ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
    ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
    ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
    ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
    ftp://ftp.ujf-grenoble.fr/sudo/ (France)
    ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
    ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
    ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
    ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
    ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
    ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)

HTTP Mirrors:
    http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    http://probsd.org/sudoftp/ (East Coast, USA)
    http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
    http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
    http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
    http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
    http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@...o.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ