[Gllug] Advice needed on Ubuntu
John Winters
john at sinodun.org.uk
Wed Feb 15 10:12:18 UTC 2006
On Wed, 2006-02-15 at 11:14 +0100, Dani Pardo wrote:
> Simon Perry wrote:
>
> > sudo nano /etc/apt/sources.list
> > Sudo will then prompt for you password before preceding like so
> > password:
> >
> > or if you intend to be doing a lot of work as root and don't want the
> > extra keystrokes then use "sudo -s" this will prompt you for your
> > password once and leave you effectively logged in as root.
> >
>
> Talking about sudo.. their homepage (http://www.sudo.ws) says that
> versions prior to 1.6.8p9 have a security bug. Now, on my debian 3.1:
>
> novita:~# sudo -V |grep version
> Sudo version 1.6.8p7
> novita:~# apt-get install sudo
> Reading Package Lists... Done
> Building Dependency Tree... Done
> sudo is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 41 not upgraded.
>
> In my /et/apt/sources list I have (among others)
>
>
> deb http://security.debian.org/ stable/updates main contrib
>
>
> So, why doesn't it upgrade my sudo?
Generally speaking, Debian does not bring a new version of an upstream
package into Stable just because there's been a security bug fix in it.
What they do instead is to retro-fit the bug fix to the current version
and release that through security.debian.org. You can thus be sure (or
at least, more confident) that you're getting just the bug fix and not
any other changes.
Now about those 41 packages which are out of date on your system...
John
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list