Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisorysoftware updateRed Hat Enterprise LinuxRed Hat 6: RHSA-2011:0599-01 Low Severity Sudo Update Advisory
An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: sudo security and bug fix update Advisory ID: RHSA-2011:0599-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:0599.html Issue date: 2011-05-19 CVE Names: CVE-2011-0010 ==================================================================== 1. Summary: An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. (CVE-2011-0010) This update also fixes the following bugs: * When the "/etc/sudoers" file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, running the "sudo -l" command nowproduces the correct output. (BZ#603823) * Prior to this update, the manual page for sudoers.ldap was not installed, even though it contains important information on how to set up an LDAP (Lightweight Directory Access Protocol) sudoers source, and other documents refer to it. With this update, the manual page is now properly included in the package. Additionally, various POD files have been removed from the package, as they are required for build purposes only. (BZ#634159) * The previous version of sudo did not use the same location for the LDAP configuration files as the nss_ldap package. This has been fixed and sudo now looks for these files in the same location as the nss_ldap package. (BZ#652726) * When a file was edited using the "sudo -e file" or the "sudoedit file" command, the editor being executed for this task was logged only as "sudoedit". With this update, the full path to the executable being used as an editor is now logged (instead of "sudoedit"). (BZ#665131) * A comment regarding the "visiblepw" option of the "Defaults" directive has been added to the default "/etc/sudoers" file to clarify its usage. (BZ#688640) * This erratum upgrades sudo to upstream version 1.7.4p5, which provides a number of bug fixes and enhancements over the previous version. (BZ#615087) All users of sudo are advised to upgrade to this updated package, which resolves these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (https://bugzilla.redhat.com/): 603823 - sudo - fix printing of entries with multiple host entries on a single line. 615087 - Rebase sudo to version 1.7.3 634159 - .pod files are packaged under /usr/share/doc/sudo*, and man page for sudoers.ldap is missing 652726 - sudo and nss_ldap use different ldap.conf 668879 - CVE-2011-0010sudo: does not ask for password on GID changes 688640 - Add comment about the visiblepw option into sudoers 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: sudo-1.7.4p5-5.el6.i686.rpm sudo-debuginfo-1.7.4p5-5.el6.i686.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: sudo-1.7.4p5-5.el6.i686.rpm sudo-debuginfo-1.7.4p5-5.el6.i686.rpm ppc64: sudo-1.7.4p5-5.el6.ppc64.rpm sudo-debuginfo-1.7.4p5-5.el6.ppc64.rpm s390x: sudo-1.7.4p5-5.el6.s390x.rpm sudo-debuginfo-1.7.4p5-5.el6.s390x.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: sudo-1.7.4p5-5.el6.i686.rpm sudo-debuginfo-1.7.4p5-5.el6.i686.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-0010 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. . Revised Sudo software rectifies vulnerabilities and issues in CentOS, classified as low risk by the assessment team.. Red Hat Security Fix, Linux Sudo Update, System Admin Insights. . Severity: Low. LinuxSecurity.com Team
May 19, 2011
•Low
Red Hat
98
security advisorymoderatesecurity updateRed Hat Enterprise Linux 5: RHSA-2010:0361-01 Moderate: Sudo Exploit
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: sudo security update Advisory ID: RHSA-2010:0361-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0361.html Issue date: 2010-04-20 CVE Names: CVE-2010-1163 ==================================================================== 1. Summary: An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. This ability introduced a regression in the upstream fix for CVE-2010-0426. In configurations where the ignore_dot option was set to off (the default is on for the Red Hat Enterprise Linux 5 sudo package), a local user authorized to use the sudoedit pseudo-command could possibly run arbitrary commands with the privileges of the userssudoedit was authorized to run as. (CVE-2010-1163) Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer, for responsibly reporting this issue. Upstream acknowledges Valerio Costamagna asthe original reporter. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 580441 - CVE-2010-1163 sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: sudo-1.7.2p1-6.el5_5.i386.rpm sudo-debuginfo-1.7.2p1-6.el5_5.i386.rpm x86_64: sudo-1.7.2p1-6.el5_5.x86_64.rpm sudo-debuginfo-1.7.2p1-6.el5_5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: sudo-1.7.2p1-6.el5_5.i386.rpm sudo-debuginfo-1.7.2p1-6.el5_5.i386.rpm ia64: sudo-1.7.2p1-6.el5_5.ia64.rpm sudo-debuginfo-1.7.2p1-6.el5_5.ia64.rpm ppc: sudo-1.7.2p1-6.el5_5.ppc.rpm sudo-debuginfo-1.7.2p1-6.el5_5.ppc.rpm s390x: sudo-1.7.2p1-6.el5_5.s390x.rpm sudo-debuginfo-1.7.2p1-6.el5_5.s390x.rpm x86_64: sudo-1.7.2p1-6.el5_5.x86_64.rpm sudo-debuginfo-1.7.2p1-6.el5_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-1163 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. . Red Hat issued a considerable advisory for sudo related to a vulnerability, urging users to update. Further information available.. Red Hat Advisory, Sudo Update, Privilege Escalation. . LinuxSecurity.com Team
Apr 20, 2010
Red Hat
98
security advisorymoderateRed Hat Enterprise LinuxRed Hat Enterprise Linux 5 RHSA-2009:0267-01 Moderate: Sudo Escalation Risk
An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: sudo security update Advisory ID: RHSA-2009:0267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:0267.html Issue date: 2009-02-05 CVE Names: CVE-2009-0034 ==================================================================== 1. Summary: An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in "run as" lists in the sudoers configuration file. If sudo configuration allowed a user to run commands as any user of some group and the user was also a member of that group, sudo incorrectly allowed them to run defined commands with the privileges of any system user. This gave the user unintended privileges. (CVE-2009-0034) Users of sudo should update to this updated package, which contains a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed(http://bugzilla.redhat.com/): 481720 - CVE-2009-0034 sudo: incorrect handling of groups in Runas_User 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: sudo-1.6.9p17-3.el5_3.1.i386.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.i386.rpm x86_64: sudo-1.6.9p17-3.el5_3.1.x86_64.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: sudo-1.6.9p17-3.el5_3.1.i386.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.i386.rpm ia64: sudo-1.6.9p17-3.el5_3.1.ia64.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.ia64.rpm ppc: sudo-1.6.9p17-3.el5_3.1.ppc.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.ppc.rpm s390x: sudo-1.6.9p17-3.el5_3.1.s390x.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.s390x.rpm x86_64: sudo-1.6.9p17-3.el5_3.1.x86_64.rpm sudo-debuginfo-1.6.9p17-3.el5_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0034 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJixI6XlSAg2UNWIIRAg5jAJ40rzHZi2LyUDTRnHrQc/0HIvVOpwCeMo5L DEqgF36XM+F/0g79dL5MV4k=1MjX -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Feb 05, 2009
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!