sudo 1.8.27-1ubuntu1.1 source package in Ubuntu

Changelog

sudo (1.8.27-1ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via UID -1
    - debian/patches/CVE-2019-14287.patch: treat an ID of -1 as invalid
      in lib/util/strtoid.c.
    - debian/patches/CVE-2019-14287-2.patch: fix and add to tests in
      lib/util/regress/atofoo/atofoo_test.c,
      plugins/sudoers/regress/testsudoers/test5.out.ok,
      plugins/sudoers/regress/testsudoers/test5.sh.
    - CVE-2019-14287

 -- Marc Deslauriers <email address hidden>  Thu, 10 Oct 2019 14:29:24 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2019-10-11
Uploaded to:
Disco
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Disco updates on 2019-10-14 main admin
Disco security on 2019-10-14 main admin

Downloads

File Size SHA-256 Checksum
sudo_1.8.27.orig.tar.gz 3.1 MiB 7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0
sudo_1.8.27-1ubuntu1.1.debian.tar.xz 32.1 KiB e0f3311099f000d410e425dacefeddb5285db4f554c0f91133a76553152ff93b
sudo_1.8.27-1ubuntu1.1.dsc 2.0 KiB fdccfca3f9ccface7bd8411ae4dbf6169db9b93e3c32ae9433ee927c22227846

View changes file

Binary packages built by this source

sudo: Provide limited super user privileges to specific users

 Sudo is a program designed to allow a sysadmin to give limited root
 privileges to users and log root activity. The basic philosophy is to give
 as few privileges as possible but still allow people to get their work done.
 .
 This version is built with minimal shared library dependencies, use the
 sudo-ldap package instead if you need LDAP support for sudoers.

sudo-dbgsym: debug symbols for sudo
sudo-ldap: Provide limited super user privileges to specific users

 Sudo is a program designed to allow a sysadmin to give limited root
 privileges to users and log root activity. The basic philosophy is to give
 as few privileges as possible but still allow people to get their work done.
 .
 This version is built with LDAP support, which allows an equivalent of the
 sudoers database to be distributed via LDAP. Authentication is still
 performed via pam.

sudo-ldap-dbgsym: debug symbols for sudo-ldap