[Gllug] Advice needed on Ubuntu

Russell Howe rhowe at siksai.co.uk
Wed Feb 15 11:06:12 UTC 2006


On Wed, Feb 15, 2006 at 11:53:15AM +0100, Dani Pardo wrote:
> critical bugs of sudo (1.6.8p7-1.3 -> ) <open>
>  #315115 - [bugtraq] Sudo version 1.6.8p9 now available, fixes security 
> issue.
>    Merged with: 315718
> Summary:
>  sudo(1 bug)
> 
>   So, I should conclude that I'm still vulnerable after the upgrade.. 
> But this bug was reported in July 2005. Do I have to manually 
> compile sudo, or am I missing something? I'm pretty new to Debian, sorry..

1) Read the bug report (can be done inside apt-listbugs or at
http://bugs.debian.org/315115 ) to see if there's been any word from the
package maintainer.

2) Read /usr/share/doc/sudo/changelog.Debian.gz to see if there have
been changes made to the package in relation to the flaw in question.
There are occasionally cases where Debian avoids a vulnerability in a
program due to the compilation options used by the packager, or the way
the .deb installation scripts install the package (it's also true that
Debian sometimes creates its own vulnerabilities due to the same
reasons, although it's been a while since I recall seeing a
'Debian-specific: yes' in a DSA...)

Finally, if you're unsure, you could always try to exploit sudo on your
machine as a way of testing your exposure.

-- 
Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
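
Step 2 above, as an added example that is not part of the original message: a shell function that lists which package versions have a Debian changelog entry closing a given bug number. The function name `closed_in` is hypothetical, and the sample changelog, including its version numbers and maintainer line, is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. closed_in is a hypothetical name.
# closed_in BUG [FILE]: print each package version whose Debian changelog
# entry closes bug BUG. FILE may be plain or gzip-compressed; stdin if omitted.
closed_in() {
    if [ -n "$2" ]; then gzip -dcf -- "$2"; else cat; fi |
    awk -v bug="$1" '
        # Entry header: "package (version) distribution; urgency=level"
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2
            gsub(/[()]/, "", ver)
            next
        }
        {
            # "Closes:" is case-insensitive and may list several bugs.
            line = tolower($0)
            pos = index(line, "closes:")
            if (pos == 0 || ver == "") next
            rest = substr(line, pos + 7)
            gsub(/[^0-9]+/, " ", rest)      # keep only the numbers
            n = split(rest, ids, " ")
            for (i = 1; i <= n; i++)
                if (ids[i] == bug && !(ver in seen)) { seen[ver] = 1; print ver }
        }'
}

# Constructed sample changelog; versions and entries are made up.
SAMPLE_CHANGELOG='sudo (0.0.0-3) unstable; urgency=low

  * Update documentation.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

sudo (0.0.0-2) unstable; urgency=high

  * Apply upstream security fix.
    Closes: #315115, #315718

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

sudo (0.0.0-1) unstable; urgency=low

  * Initial upload. Closes: #100001

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000'

printf '%s\n' "$SAMPLE_CHANGELOG" | closed_in 315115
```

On a Debian system the real file can be passed directly, as in `closed_in 315115 /usr/share/doc/sudo/changelog.Debian.gz`. No output means no changelog entry closes the bug, which is when the bug report from step 1 is the place to look.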