Re: [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation

2006-01-23 Thread Josselin Mouette
On Friday 20 January 2006 at 11:24 +0100, Martin Schulze wrote:
> This update alters the former behaviour of sudo and limits the number
> of supported environment variables to LC_*, LANG, LANGUAGE and TERM.
> Additional variables are only passed through when set as env_check in
> /etc/sudoers,

Re: [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation

2006-01-20 Thread Moritz Muehlenhoff
Marc Haber wrote:
>> Package: sudo
>> Vulnerability : missing input sanitising
>> Problem type : local
>> Debian-specific: no
>> CVE IDs: CVE-2005-4158 CVE-2006-0151
>> Debian Bug : 342948
>>
>> For unstable
>> "Defaults = env_reset" need to be added to /etc/sudoers manuall

Re: [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation

2006-01-20 Thread Sam Morris
Marc Haber wrote: For unstable "Defaults = env_reset" need to be added to /etc/sudoers manually. Why is this only necessary on unstable systems? The security update doesn't seem to add this on stable systems automatically, so it might be necessary to manually add this on stable and testing as

Re: [SECURITY] [DSA 946-1] New sudo packages fix privilege escalation

2006-01-20 Thread Marc Haber
On Fri, Jan 20, 2006 at 11:24:04AM +0100, Martin Schulze wrote:
> - --
> Debian Security Advisory DSA 946-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> Ja