[Cucumber-linux-security] sudo (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
[Cucumber-linux-security] sudo (security update is available)
|
From: Z5T1 <z5...@z5...> - 2017-05-30 22:02:23
|
Update Information A security update is available for sudo for the following versions of Cucumber Linux: * 1.0.beta Here are the details from the Cucumber 1.0.beta changelog: +----------------+ Tue May 30 17:27:43 EDT 2017 apps-base/sudo upgraded from 1.8.17p1 to 1.8.20p1 to fix CVE-2017-1000367, a security vulnerability in which a user with sudo access could trick sudo into using an arbitrary device number (i.e. an arbitrary tty instead of the one the user is actually using) via a specially crafted symbolic link. For more information see: https://www.sudo.ws/alerts/linux_tty.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure sudo is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.beta i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-i686/apps-base/sudo-1.8.20p1-i686-1.txz Cucumber 1.0.beta x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-x86_64/apps-base/sudo-1.8.20p1-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg sudo-1.8.20p1-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
