UbuntuUpdates.org

Package "sudo"

Name: sudo

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Provide limited super user privileges to specific users
Latest version: 1.8.3p1-1ubuntu3.10
Release: precise (12.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "sudo" in Precise

Repository Area Version
base universe 1.8.3p1-1ubuntu3
base main 1.8.3p1-1ubuntu3
security main 1.8.3p1-1ubuntu3.10
updates universe 1.8.3p1-1ubuntu3.10
updates main 1.8.3p1-1ubuntu3.10

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.8.3p1-1ubuntu3.10 2021-05-03 15:06:28 UTC

  sudo (1.8.3p1-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jan 2021 08:49:33 -0300
Source diff to previous version
CVE-2021-3156 Heap-based buffer overflow

Version: 1.8.3p1-1ubuntu3.7 2015-03-16 14:07:04 UTC

  sudo (1.8.3p1-1ubuntu3.7) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file access via TZ
    - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
      configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
      pathnames.h.in, plugins/sudoers/env.c.
    - CVE-2014-9680
 -- Marc Deslauriers <email address hidden> Thu, 12 Mar 2015 11:32:42 -0400
Source diff to previous version
CVE-2014-9680 preserves TZ by default

Version: 1.8.3p1-1ubuntu3.6 2014-03-13 15:06:36 UTC

  sudo (1.8.3p1-1ubuntu3.6) precise-security; urgency=medium

  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - debian/patches/CVE-2014-0106.patch: fix logic inversion in
      plugins/sudoers/env.c.
    - CVE-2014-0106
  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden> Tue, 11 Mar 2014 07:56:53 -0400
Source diff to previous version
1223297 sudo init script should set date to epoch, not 1985-01-01

Version: 1.8.3p1-1ubuntu3.4 2013-02-28 14:06:44 UTC

  sudo (1.8.3p1-1ubuntu3.4) precise-security; urgency=low

  * SECURITY UPDATE: authentication bypass via clock set to epoch
    - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
      set to epoch in plugins/sudoers/check.c.
    - CVE-2013-1775
 -- Marc Deslauriers <email address hidden> Wed, 27 Feb 2013 13:34:15 -0500
Source diff to previous version

Version: 1.8.3p1-1ubuntu3.2 2012-05-16 19:06:53 UTC

  sudo (1.8.3p1-1ubuntu3.2) precise-security; urgency=low

  * SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
    Host_List values
    - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
      addresses. Based on upstream patch.
    - CVE-2012-2337
 -- Tyler Hicks <email address hidden> Tue, 15 May 2012 23:28:04 -0500
CVE-2012-2337 sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local


About   -   Send Feedback to @ubuntu_updates