From owner-freebsd-security Thu Feb 22 8:28:22 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 78B1B37B491 for ; Thu, 22 Feb 2001 08:28:07 -0800 (PST) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA29185 for ; Thu, 22 Feb 2001 08:28:03 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda29183; Thu Feb 22 08:28:00 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f1MGRtw25390 for ; Thu, 22 Feb 2001 08:27:55 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdb25388; Thu Feb 22 08:27:47 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.2/8.9.1) id f1MGRk149151 for ; Thu, 22 Feb 2001 08:27:46 -0800 (PST) Message-Id: <200102221627.f1MGRk149151@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdG48726; Thu Feb 22 08:27:23 2001 X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: freebsd-security@freebsd.org Subject: Sudo version 1.6.3p6 now available (fwd) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 22 Feb 2001 08:27:23 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org As I don't have time to submit a PR for the sudo port morning, I'm sending this to -security. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC ------- Forwarded Message [headers removed] Message-Id: <200102221552.f1MFqvE25180@xerxes.courtesan.com> To: sudo-announce@courtesan.com Subject: Sudo version 1.6.3p6 now available Date: Thu, 22 Feb 2001 08:52:56 -0700 From: "Todd C. Miller" Sender: sudo-announce-admin@courtesan.com Errors-To: sudo-announce-admin@courtesan.com X-BeenThere: sudo-announce@courtesan.com X-Mailman-Version: 2.0.1 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Moderated list for general sudo announcementss List-Unsubscribe: , Sudo version 1.6.3p6 is now available (ftp sites listed at the end). This fixes a *buffer overflow* in sudo which is a potential security problem. I don't know of any exploits that currently exist but I suggest that you upgrade none the less. Sudo has a good track record wrt secure coding, but this one slipped by me. - todd Sudo web site: http://www.courtesan.com/sudo/ Master FTP sites: ftp.courtesan.com:/pub/sudo/ ftp.cs.colorado.edu:/pub/sudo/ FTP Mirrors: ftp.uu.net:/pub/security/sudo/ (Falls Church, Virginia, USA) ftp.tux.org:/pub/security/sudo/ (Beltsville, Maryland, USA) coast.cs.purdue.edu:/pub/tools/unix/sudo/ (West Lafayette, Indiana, USA) ftp.uwsg.indiana.edu:/pub/sudo/ (Bloomington, Indiana, USA) ftp.tamu.edu:/pub/mirrors/ftp.courtesan.com/ (College Station, Texas, USA) ftp.rge.com:/pub/admin/sudo/ (Rochester, New York, USA) ftp.srv.ualberta.ca:/pub/Mirror/sudo/ (Canada) ftp.umds.ac.uk:/pub/sudo/ (Great Britain) ftp.iphil.net:/pub/sudo/ (Makati City, Philippines) ftp.csc.cuhk.edu.hk:/pub/packages/unix-tools/sudo/ (Hong Kong) ftp.icm.edu.pl:/vol/wojsyl5/sudo/ (Poland) ftp.tuwien.ac.at:/utils/admin-tools/sudo/ (Austria) ftp.eunet.cz:/pub/security/sudo/ (Czechoslovakia) ftp.tvi.tut.fi:/pub/security/unix/sudo/ (Finland) ftp.lps.ens.fr:/pub/software/sudo/ (France) ftp.crihan.fr:/pub/security/sudo/ (France) ftp.sai.msu.su:/pub/unix/security/ (Russia) ftp.mc.hik.se:/pub/unix/security/sudo/ (Sweden) ftp.rz.uni-osnabrueck.de/pub/unix/security/sudo/ (Germany) ftp.edu.tw:/UNIX/sudo/ (Taiwan) ftp.win.ne.jp:/pub/misc/sudo/ (Japan) ftp.st.ryukoku.ac.jp:/pub/security/tool/sudo/ (Japan) ftp.eos.hokudai.ac.jp:/pub/misc/sudo/ (Japan) ftp.tokyonet.ad.jp:/pub/security/sudo/ (Japan) ftp.kobe-u.ac.jp:/pub/util/security/tool/sudo/ (Japan) ftp.cin.nihon-u.ac.jp:/pub/util/sudo/ (Japan) ftp.fujitsu.co.jp:/pub/misc/sudo/ (Japan) core.ring.gr.jp:/pub/misc/sudo/ (Japan) ftp.ring.gr.jp:/pub/misc/sudo/ (Japan) Master WWW site: http://www.courtesan.com/sudo/dist/ WWW Mirrors: http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA) http://gd.tuwien.ac.at/utils/admin-tools/sudo/ (Austria) http://sudo.cdu.elektra.ru/ (Russia) http://www.ring.gr.jp/archives/misc/sudo/ (Japan) http://core.ring.gr.jp/archives/misc/sudo/ (Japan) RPMs: ftp://ftp.rpmfind.net/linux/falsehope/pub/sudo ftp://ftp.tux.org/pub/sites/ftp.falsehope.com/sudo ftp://ftp.freshmeat.net/pub/rpms/sudo Note that mirror sites may take a while to update. - --- Todd C. Miller Sysadmin/Consultant Todd.Miller@courtesan.com ____________________________________________________________ sudo-announce mailing list For list information, options, or to unsubscribe, visit: http://www.courtesan.com/mailman/listinfo/sudo-announce ------- End of Forwarded Message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message