From owner-freebsd-security Thu Feb 22 11:15: 6 2001 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id C3CCB37B65D; Thu, 22 Feb 2001 11:15:00 -0800 (PST) (envelope-from cdf.lists@fxp.org) Received: by peitho.fxp.org (Postfix, from userid 1501) id 55C0713614; Thu, 22 Feb 2001 14:14:59 -0500 (EST) Date: Thu, 22 Feb 2001 14:14:59 -0500 From: Chris Faulhaber To: "Bruce A. Mah" Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: Sudo version 1.6.3p6 now available (fwd) Message-ID: <20010222141459.A70502@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , "Bruce A. Mah" , Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG References: <200102221627.f1MGRk149151@cwsys.cwsent.com> <200102221908.f1MJ8NY42653@bmah-freebsd-0.cisco.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="8t9RHnE3ZwKMSgU+" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102221908.f1MJ8NY42653@bmah-freebsd-0.cisco.com>; from bmah@FreeBSD.ORG on Thu, Feb 22, 2001 at 11:08:23AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --8t9RHnE3ZwKMSgU+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 22, 2001 at 11:08:23AM -0800, Bruce A. Mah wrote: > If memory serves me right, Cy Schubert - ITSD Open Systems Group wrote: > > As I don't have time to submit a PR for the sudo port morning, I'm=20 > > sending this to -security. >=20 > [snip] >=20 > > Sudo version 1.6.3p6 is now available (ftp sites listed at the end). > > This fixes a *buffer overflow* in sudo which is a potential security > > problem. I don't know of any exploits that currently exist but I > > suggest that you upgrade none the less. >=20 > Someone already updated the version in the ports tree: >=20 > bmah-freebsd-0:bmah% pkg_version -v | grep sudo > sudo-1.6.3.6 =3D up-to-date with port >=20 Though the commit message is confusing: Update to 1.6.3p5 --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --8t9RHnE3ZwKMSgU+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjqVZTMACgkQObaG4P6BelDIJACfeYh5c6Pw+isR7vfA7nZGv2Sd AnQAnA5rqU3X0K2cEStYa2Rv76/lhOys =dHsR -----END PGP SIGNATURE----- --8t9RHnE3ZwKMSgU+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message