From owner-freebsd-ports@FreeBSD.ORG Mon Jan 30 16:05:39 2012 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 91004106566B for ; Mon, 30 Jan 2012 16:05:39 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.49.45]) by mx1.freebsd.org (Postfix) with ESMTP id 6BED18FC0A for ; Mon, 30 Jan 2012 16:05:39 +0000 (UTC) Received: by syn.atarininja.org (Postfix, from userid 1001) id 7D2F45C34; Mon, 30 Jan 2012 11:05:38 -0500 (EST) Date: Mon, 30 Jan 2012 11:05:38 -0500 From: Wesley Shields To: Mike Tancsa Message-ID: <20120130160538.GA89327@atarininja.org> References: <4F26BDBC.5090003@sentex.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4F26BDBC.5090003@sentex.net> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: ports@freebsd.org Subject: Re: Sudo security advisory X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jan 2012 16:05:39 -0000 On Mon, Jan 30, 2012 at 10:56:44AM -0500, Mike Tancsa wrote: > Hi, > > > http://www.gratisoft.us/sudo/alerts/sudo_debug.html > > >From the advisory, > > Successful exploitation of the bug will allow a user to run arbitrary > commands as root. > Exploitation of the bug does *not* require that the attacker be listed > in the sudoers file. As such, we strongly suggest that affected sites > upgrade from affected sudo versions as soon as possible. I was aware of this last night but was not planning on touching a computer until I'm officially off vacation tomorrow. However, I think I have enough time today to get the updated version in the tree along with a VuXML entry. Update your ports tree later tonight and hopefully it will be in there. -- WXS