Format: 1.8 Date: Wed, 19 Jan 2011 10:39:09 -0600 Source: sudo Binary: sudo sudo-ldap Architecture: armel Version: 1.7.2p1-1ubuntu5.3 Distribution: lucid Urgency: low Maintainer: Ubuntu Build Daemon Changed-By: Jamie Strandboge Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Changes: sudo (1.7.2p1-1ubuntu5.3) lucid-security; urgency=low . * SECURITY UPDATE: privilege escalation via -g when using group Runas_List - pwutil.c, sudo.h: add user_in_group(), backported from upstream commits 48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used only with check.c to fix CVE-2011-0010 instead of doing the refactoring. Going forward, will need to look at this code also if a flaw is found in this refactored code. If needed, the refactoring work is in 48ca8c2eddf8 and 6ebc55d4716b. - check.c: prompt for password when the user is running sudo as himself but as a different group. Backported from fe8a94f96542. - CVE-2011-0010 Checksums-Sha1: 09141ceefd9218a6020d4298a3d564eb3eaa16eb 306620 sudo_1.7.2p1-1ubuntu5.3_armel.deb 84f6e138405fda77fbf56a409399292151b5a232 329590 sudo-ldap_1.7.2p1-1ubuntu5.3_armel.deb Checksums-Sha256: 2aeae52974cc078461d914933cd4101474ea94abde9c9d3d3a61975038079a33 306620 sudo_1.7.2p1-1ubuntu5.3_armel.deb e6866cf365ec15a729652085b56c893f3c003a006c7b124074294affa4d875ee 329590 sudo-ldap_1.7.2p1-1ubuntu5.3_armel.deb Files: 6344b4adc273990b62a2f41eec2785d3 306620 admin optional sudo_1.7.2p1-1ubuntu5.3_armel.deb 2c3b34db34f64c970f9b7c2efc39d453 329590 admin optional sudo-ldap_1.7.2p1-1ubuntu5.3_armel.deb Original-Maintainer: Bdale Garbee