Date: Thu, 25 Apr 2002 14:10:26 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Cc: bugtraq@securityfocus.com
Subject: [slackware-security] sudo upgrade fixes a potential vulnerability


New sudo packages are available to fix a security problem which may allow
users to become root, or to execute arbitrary code as root.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Apr 25 12:00:50 PDT 2002
patches/packages/sudo.tgz:  Upgraded to sudo-1.6.6.
  This version of sudo fixes a security problem whereby a local user may gain
  root access through corruption of the heap (Off-By-Five).
  This issue was discovered by Global InterSec LLC, and more information may
  be found on their web site:
    
The discussion on the site indicates that this problem may only be exploitable
  on systems that use PAM, which Slackware does not use.  However, in the
  absence of proof, it still seems prudent to upgrade sudo immediately.
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------

Updated sudo package for Slackware 7.1: 
 

Updated sudo package for Slackware 8.0: 
 

Updated sudo package for Slackware -current: 
 


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 7.1:
1f2eb2c0e01c5d2182431cc401f78a89  sudo.tgz

Slackware 8.0:
d0598233fefeb9d37450eec10a087e07  sudo.tgz

Slackware -current:
26c70a9a740823353300b23f110b3cca  sudo-1.6.6-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new sudo.tgz package:
# upgradepkg sudo.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: 'sudo' Local buffer overflow vulnerability

April 26, 2002
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root.

Summary

Where Find New Packages

MD5 Signatures

Severity
Date: Thu, 25 Apr 2002 14:10:26 -0700 (PDT) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Cc: bugtraq@securityfocus.com Subject: [slackware-security] sudo upgrade fixes a potential vulnerability
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root.
Here's the information from the Slackware 8.0 ChangeLog:
---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6.6. This version of sudo fixes a security problem whereby a local user may gain root access through corruption of the heap (Off-By-Five). This issue was discovered by Global InterSec LLC, and more information may be found on their web site: The discussion on the site indicates that this problem may only be exploitable on systems that use PAM, which Slackware does not use. However, in the absence of proof, it still seems prudent to upgrade sudo immediately. (* Security fix *) ----------------------------
WHERE TO FIND THE NEW PACKAGES: -------------------------------
Updated sudo package for Slackware 7.1:
Updated sudo package for Slackware 8.0:
Updated sudo package for Slackware -current:
MD5 SIGNATURE: --------------
Here is the md5sum for the package:
Slackware 7.1: 1f2eb2c0e01c5d2182431cc401f78a89 sudo.tgz
Slackware 8.0: d0598233fefeb9d37450eec10a087e07 sudo.tgz
Slackware -current: 26c70a9a740823353300b23f110b3cca sudo-1.6.6-i386-1.tgz
INSTALLATION INSTRUCTIONS: --------------------------
As root, upgrade to the new sudo.tgz package: # upgradepkg sudo.tgz
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved