[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041112175126.W81093@fireball.sekure.net>
Date: Fri, 12 Nov 2004 17:52:06 +0100 (CET)
From: je@...ure.net
To: bugtraq@...urityfocus.com
Subject: Sudo version 1.6.8p2 now available (fwd)
---------- Forwarded message ----------
Date: Fri, 12 Nov 2004 09:21:07 -0700
From: Todd C. Miller <Todd.Miller@...rtesan.com>
To: sudo-announce@...o.ws
Subject: [sudo-announce] Sudo version 1.6.8p2 now available
Sudo version 1.6.8, patchlevel 2 is now available. It includes a fix
for a security flaw in sudo's environment cleaning that could give a
malicious user with sudo access to a bash script the ability to run
arbitrary commands. See http://www.sudo.ws/sudo/alerts/bash_functions.html
for more details.
Changes since Sudo 1.6.8p1:
o Bash exported functions and the CDPATH variable are now stripped from
the environment passed to the program to be executed.
Commercial support is now available for Sudo. If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted.
You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html
Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community. Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo (currently underway).
Master Web Site:
http://www.sudo.ws/sudo/
Web Site Mirrors:
http://sudo.stikman.com/ (Los Angeles, California, USA)
http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
http://www.signal42.com/mirrors/sudo_www/ (USA)
http://sudo.xmundo.net/ (Argentina)
http://sudo.planetmirror.com/ (Australia)
http://sunshine.lv/sudo/ (Latvia)
http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
http://sudo.cdu.elektra.ru/ (Russia)
http://sudo.nctu.edu.tw/ (Taiwan)
FTP Mirrors:
ftp://plier.ucar.edu/pub/sudo/ (Boulder, Colorado, USA)
ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
ftp://ftp.ujf-grenoble.fr/sudo/ (France)
ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
HTTP Mirrors:
http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
http://probsd.org/sudoftp/ (East Coast, USA)
http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@...o.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce
Powered by blists - more mailing lists