lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041112175126.W81093@fireball.sekure.net>
Date: Fri, 12 Nov 2004 17:52:06 +0100 (CET)
From: je@...ure.net
To: bugtraq@...urityfocus.com
Subject: Sudo version 1.6.8p2 now available (fwd)



---------- Forwarded message ----------
Date: Fri, 12 Nov 2004 09:21:07 -0700
From: Todd C. Miller <Todd.Miller@...rtesan.com>
To: sudo-announce@...o.ws
Subject: [sudo-announce] Sudo version 1.6.8p2 now available

Sudo version 1.6.8, patchlevel 2 is now available.  It includes a fix
for a security flaw in sudo's environment cleaning that could give a
malicious user with sudo access to a bash script the ability to run
arbitrary commands.  See http://www.sudo.ws/sudo/alerts/bash_functions.html
for more details.

Changes since Sudo 1.6.8p1:

 o Bash exported functions and the CDPATH variable are now stripped from
   the environment passed to the program to be executed.

Commercial support is now available for Sudo.  If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted.

You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html

Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community.  Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo (currently underway).

Master Web Site:
    http://www.sudo.ws/sudo/

Web Site Mirrors:
    http://sudo.stikman.com/ (Los Angeles, California, USA)
    http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
    http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
    http://www.signal42.com/mirrors/sudo_www/ (USA)
    http://sudo.xmundo.net/ (Argentina)
    http://sudo.planetmirror.com/ (Australia)
    http://sunshine.lv/sudo/ (Latvia)
    http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
    http://sudo.cdu.elektra.ru/ (Russia)
    http://sudo.nctu.edu.tw/ (Taiwan)

FTP Mirrors:
    ftp://plier.ucar.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
    ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
    ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
    ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
    ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
    ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
    ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
    ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
    ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
    ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
    ftp://ftp.ujf-grenoble.fr/sudo/ (France)
    ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
    ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
    ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
    ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
    ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
    ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)

HTTP Mirrors:
    http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    http://probsd.org/sudoftp/ (East Coast, USA)
    http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
    http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
    http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
    http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
    http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@...o.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ