______________________________________________________________________________
SuSE Security Announcement
Package: sudo
Announcement-ID: SuSE-SA:2001:13
Date: Wednesday, April 18th, 2001 12.26 MEST
Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
Vulnerability Type: possible local root compromise
Severity (1-10): 6
SuSE default package: no
Other affected systems: all systems using sudo
Content of this advisory:
1) security vulnerability resolved: sudo
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The setuid application sudo(8) allows a user to execute commands under
the privileges of another user (including root).
sudo(8) prior to version 1.6.3p6 is vulnerable to a buffer overflow
in its logging code, which could lead to a local root compromise.
No public exploit is known.
No useful workaround is available; the only fix is to install the new
sudo packages.
Download the update package from the locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is given in the line below it. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently of the md5sums listed below.
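As an added example (not part of the SuSE advisory), a small POSIX shell script that checks a downloaded package against the md5sum published for it before `rpm -Uhv` is run, and that walks an advisory-style list in which each package URL line is followed by its md5sum line. The `check_md5` and `verify_list` names and the list-file layout are assumptions; `rpm --checksig --nogpg` remains the independent second check the advisory describes.

```shell
#!/bin/sh
# Added example: verify downloaded update packages against the md5sums
# published in an advisory before installing them. Assumes GNU `md5sum`.

# check_md5 FILE EXPECTED -> 0 if FILE's md5sum equals EXPECTED, 1 otherwise.
check_md5() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MISMATCH $file: expected $expected, got $actual" >&2
    return 1
}

# verify_list LISTFILE DIR -> 0 only if every package named in LISTFILE is
# present in DIR and its md5sum matches. LISTFILE uses the advisory's layout
# (assumed): a line holding the package URL, then a line holding its 32-hex
# md5sum. Other lines (platform headings, "source rpm:") are ignored, and a
# hash line without a preceding URL is ignored as well.
verify_list() {
    list=$1
    dir=$2
    status=0
    url=""
    while IFS= read -r line; do
        case $line in
            ftp://*|http://*|https://*) url=$line; continue ;;
        esac
        if [ -n "$url" ] && expr "$line" : '[0-9a-f]\{32\}$' >/dev/null; then
            pkg="$dir/$(basename "$url")"
            check_md5 "$pkg" "$line" || status=1
            url=""
        fi
    done < "$list"
    # The md5 check guards the download; `rpm --checksig --nogpg "$pkg"`
    # (run separately, where rpm is installed) checks the package's own
    # embedded digests as an independent second step.
    return $status
}
```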
i386 Intel Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/sudo-1.6.3p6-3.i386.rpm
b0d658c98effd4e11bed6d8c1f5f80f9
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/sudo-1.6.3p6-3.src.rpm
a4b44f0998a165b3a69c598075420b7f
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/sudo-1.6.3p6-21.i386.rpm
a002d657c7faf24b9fb5b430061e6c19
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/sudo-1.6.3p6-21.src.rpm
d9ebc68015886fb642a1795e21bde788
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/sudo-1.5.9p1-79.i386.rpm
8a25b40ba081be885b214410b3c662ce
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/sudo-1.5.9p1-79.src.rpm
9a13efa0d76a4fe3cbda7dcd2e2befe0
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/sudo-1.5.9p1-80.i386.rpm
a6e359c6449d764199bce3b7bc2867d8
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/sudo-1.5.9p1-80.src.rpm
b89db78d5b8d04b10ac6e17c29cec1c4
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/sudo-1.5.9p1-79.i386.rpm
c3fbbff2219bf948f9b209eefafab4fe
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/sudo-1.5.9p1-79.src.rpm
85ae3e3b9ef159201bb661e8f83e82d3
SuSE-6.1
Packages for 6.1 won't be available, sorry.
Please try to install the 6.2 RPM instead.
Sparc Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/ap1/sudo-1.6.3p6-8.sparc.rpm
5531c5be20082b084e940d4e66dffea0
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/sudo-1.6.3p6-8.src.rpm
98fb9920e8de32727deb5e4295ee70d4
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/sudo-1.6.3p6-9.sparc.rpm
cdd87431019ace22d0a2b0d46b294856
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/sudo-1.6.3p6-9.src.rpm
846035dcf0e42d22aac5d0dc77d90a02
AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/sudo-1.6.3p6-12.alpha.rpm
c0fea14a3c0e565892f150cf97d971ed
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/sudo-1.6.3p6-12.src.rpm
42651a443d7ca62415bc2d3ef3dc5bde
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/sudo-1.5.9p1-79.alpha.rpm
9a177de02176df90d8006fc7e8adae0d
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/sudo-1.5.9p1-79.src.rpm
9f52a3df082ba513cbc0af5da6cccbe4
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/sudo-1.5.9p1-79.alpha.rpm
5bbe1f211cb53758ad2840d192280269
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/sudo-1.5.9p1-79.src.rpm
4687f818ab5dbc50b1c0a3b907775f30
PPC PowerPC Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/ap1/sudo-1.6.3p6-5.ppc.rpm
199a677423a84bc577a7a9199e5e22d4
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/sudo-1.6.3p6-5.src.rpm
49ed607375823b56d819e0610e3a8d31
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/sudo-1.6.3p6-10.ppc.rpm
03ffbcf07ba9a4222c75b162c97f9292
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/sudo-1.6.3p6-10.src.rpm
a07d0b0283ca83e14c4d58ca9bcc933c
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/sudo-1.5.9p1-80.ppc.rpm
b5c9dee89ee0101fa8ac5795c1e8e49c
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/sudo-1.5.9p1-80.src.rpm
bfc917660898fdf9f2de170895ca7b22
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- New RPMs for HylaFax, a fax server, are currently being built; they
fix a format string bug in hfaxd, which could lead to local root privileges.
- NEdit, a GUI-style text editor, needs an update due to a tmp race
condition. The source code is currently being reviewed and new
RPMs will be available within the next days.
- Updated man RPMs will be available in a few days.
- In the past weeks, some security related bugs in the Linux kernel 2.2
and 2.4 were found. An announcement that addresses these will be
released this week.
- Samba has several security problems, which could lead to local root
access. Samba 2.0.8 fixes these problems. New RPMs are currently being
built.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to