Univention Bugzilla – Attachment 6811 Details for
Bug 34270
sudo: Insufficient environment sanitising (ES 3.1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Advisory
3.1-sudo.txt.asc (text/plain), 1.62 KB, created by
Arvid Requate
on 2015-04-08 21:07:32 CEST
(
hide
)
Description:
Advisory
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2015-04-08 21:07:32 CEST
Size:
1.62 KB
patch
obsolete
>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >A new update is available for Univention Corporate Server 3.1 as >part of the extended security maintenance. >It addresses the following problem: > >Program component: sudo >Reference: CVE-2014-0106 CVE-2014-9680 >Fixed version: 1.7.4p4-2.squeeze.5.38.201504082027 > >Two vulnerabilities have been found in sudo: > * env_delete ignored for environment variables specified > on the command line when env_reset is disabled (CVE-2014-0106) > * Arbitrary file access via user defined TZ environment variable > (CVE-2014-9680) > >- -- >Univention GmbH >be open. >Mary-Somerville-Str.1 >28359 Bremen >Tel. : +49 421 22232-0 >Fax : +49 421 22232-99 > ><info@univention.de> >http://www.univention.de/ > >Geschäftsführer: Peter H. Ganten >HRB 20755 Amtsgericht Bremen >Steuer-Nr.: 71-597-02876 >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.10 (GNU/Linux) > >iQIcBAEBAgAGBQJVJXrFAAoJEC07aMN37ihbQ3sP/izli6DYPBmflwx3e+fo3QjM >5tHnG2mtyU50uDKWiCeWxBePcqGchcVwTPZWRSAP3mdkX9fswprl1PKITzBt9SdR >CRBbQXUku9KwtkO5XBep117Pt3d9c7EneWs4eaFZaiMBfUDfw2cf36qfg78J3wH2 >fStaSJSGtl5Nucj/Dk9JEoTq8nyPIf4XOTamsSthozuFAudGS8kzNE0jZkfljfgw >RFZaacKMHYb4jlkj3Hcp7a6GCZDAEDrBlY2mWKFJv5PzgZosOe9e2rKzPGO0ac5D >m5Rm+fW5AIAYGtERow+9hzGX8RgToS5hrdn98tH08ZMHoN2kII4dPsiU5yUAm546 >kgksi1suHAeP+HZp3r/YDMgR1rMQzCKCDPvOo4ix+6VNUkFfF5hODKbbIZ4WT8sl >8w8wzd5X+OISuNONtXh37bUTONnvsAdmr+ws60gMfBzaSyWSS8SfCCIZzzQiOj/E >tm6FnbQvTfNmc/vNZnwV9EVF2SYOTrW+GdhceNay1Ws7Garsk2NZTsBR31DZJQnl >6fXeWdAq2fOzj0gAIE1nKuncUIkJX/VsZdrCs2oFqZtsZN9X9ABdh9TY5qDWTwe0 >8LbF61pIUpzQBsns6RmCueBYhSbCkCNjaDPY4L/cpCMVtmz4D7WSVAIyLq4s/H3Z >/M4PiN0RaouawCvmckjS >=PiHV >-----END PGP SIGNATURE-----
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6811">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 34270
: 6811