From: Wesley Shields
To: ports@freebsd.org
Date: Mon, 30 Jan 2012 11:50:46 -0500
Subject: Re: Sudo security advisory
Message-ID: <20120130165046.GD89327@atarininja.org>
In-Reply-To: <4F26BDBC.5090003@sentex.net>
List-Id: Porting software to FreeBSD

On Mon, Jan 30, 2012 at 10:56:44AM -0500, Mike Tancsa wrote:
> Hi,
>
> http://www.gratisoft.us/sudo/alerts/sudo_debug.html
>
> From the advisory,
>
> Successful exploitation of the bug will allow a user to run arbitrary
> commands as root.
> Exploitation of the bug does *not* require that the attacker be listed
> in the sudoers file. As such, we strongly suggest that affected sites
> upgrade from affected sudo versions as soon as possible.

Turns out my son is taking a longer than usual nap, which gave me enough
time to get the update in the tree and a VuXML entry in for it. Please
wait for them to mirror out.

If you have any untrusted users you really should update quickly. If
there are any problems please let me know.

-- WXS