Package: sudo
Version: 1.6.9p17-2
Severity: important

http://www.sudo.ws/sudo/alerts/group_vector.html

A bug was introduced in Sudo's group matching code in version 1.6.9 when 
support for matching based on the supplemental group vector was added. This bug 
may allow certain users listed in the sudoers file to run a command as a 
different user than their access rule specifies.

etc ...

Ubuntu fixed this in here:
http://www.ubuntu.com/usn/usn-722-1


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-vserver-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo depends on:
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libpam-modules                1.0.1-5    Pluggable Authentication Modules f
ii  libpam0g                      1.0.1-5    Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to