On 2013-11-02, Cybe R. Wizard <[email protected]> wrote: >> http://www.sudo.ws/sudo/alerts/sudo_debug.html >> >> Impact: Successful exploitation of the bug will allow a user to run >> arbitrary commands as root. >> >> Exploitation of the bug does not require that the attacker be listed >> in the sudoers file. As such, we strongly suggest that affected sites >> upgrade from affected sudo versions as soon as possible. >> > How valid is that considering that Wheezy is using sudo > version 1.8.5p2-1+nmu1 ? May I assume that there are still a lot of > non-upgraded machines out there? Maybe best advice would be to upgrade > their whole Debian.
I thought we were talking about people running "unpatched" sudos in distros where the program isn't included in the official repositories of packages and therefore gets no security updates (or something)? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
