Date: Thu, 25 Apr 2002 14:10:26 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Cc: bugtraq@securityfocus.com
Subject: [slackware-security] sudo upgrade fixes a potential vulnerability


New sudo packages are available to fix a security problem which may allow
users to become root, or to execute arbitrary code as root.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Apr 25 12:00:50 PDT 2002
patches/packages/sudo.tgz:  Upgraded to sudo-1.6.6.
  This version of sudo fixes a security problem whereby a local user may gain
  root access through corruption of the heap (Off-By-Five).
  This issue was discovered by Global InterSec LLC, and more information may
  be found on their web site:
    
The discussion on the site indicates that this problem may only be exploitable
  on systems that use PAM, which Slackware does not use.  However, in the
  absence of proof, it still seems prudent to upgrade sudo immediately.
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------

Updated sudo package for Slackware 7.1: 
 

Updated sudo package for Slackware 8.0: 
 

Updated sudo package for Slackware -current: 
 


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 7.1:
1f2eb2c0e01c5d2182431cc401f78a89  sudo.tgz

Slackware 8.0:
d0598233fefeb9d37450eec10a087e07  sudo.tgz

Slackware -current:
26c70a9a740823353300b23f110b3cca  sudo-1.6.6-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new sudo.tgz package:
# upgradepkg sudo.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: 'sudo' Local buffer overflow vulnerability

April 26, 2002
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root.

Summary

Where Find New Packages

MD5 Signatures

Severity
Date: Thu, 25 Apr 2002 14:10:26 -0700 (PDT) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Cc: bugtraq@securityfocus.com Subject: [slackware-security] sudo upgrade fixes a potential vulnerability
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root.
Here's the information from the Slackware 8.0 ChangeLog:
---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6.6. This version of sudo fixes a security problem whereby a local user may gain root access through corruption of the heap (Off-By-Five). This issue was discovered by Global InterSec LLC, and more information may be found on their web site: The discussion on the site indicates that this problem may only be exploitable on systems that use PAM, which Slackware does not use. However, in the absence of proof, it still seems prudent to upgrade sudo immediately. (* Security fix *) ----------------------------
WHERE TO FIND THE NEW PACKAGES: -------------------------------
Updated sudo package for Slackware 7.1:
Updated sudo package for Slackware 8.0:
Updated sudo package for Slackware -current:
MD5 SIGNATURE: --------------
Here is the md5sum for the package:
Slackware 7.1: 1f2eb2c0e01c5d2182431cc401f78a89 sudo.tgz
Slackware 8.0: d0598233fefeb9d37450eec10a087e07 sudo.tgz
Slackware -current: 26c70a9a740823353300b23f110b3cca sudo-1.6.6-i386-1.tgz
INSTALLATION INSTRUCTIONS: --------------------------
As root, upgrade to the new sudo.tgz package: # upgradepkg sudo.tgz
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved