2011年1月14日

[installer 2638] sudo-1.7.4p5

sudo-1.7.4p5 出ています。

セキュリティホールの修正が含まれています。
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
参照のこと。

☆ sudo-1.7.4p5
http://www.sudo.ws/

http://www.sudo.ws/sudo/dist/sudo-1.7.4p5.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.4p5.tar.gz

What's new in Sudo 1.7.4p5?

* A bug has been fixed that would allow a command to be run without the
user entering a password when sudo's -g flag is used without the -u flag.

* If user has no supplementary groups, sudo will now fall back on checking
the group file explicitly, which restores historic sudo behavior.

* A crash has been fixed when sudo's -g flag is used without the -u flag
and the sudoers file contains an entry with no runas user or group listed.

* A bug has been fixed in the I/O logging support that could cause
visual artifacts in full-screen programs such as text editors,.

* A crash has been fixed when the Solaris project support is enabled
and sudo's -g flag is used without the -u flag.

* Sudo no longer exits with an error when support for auditing is
compiled in but auditing is not enabled.

* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
being honored when the "targetpw" sudoers Defaults option was enabled.

* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

* A crash has been fixed in "sudo -l" when sudo is built with auditing
support and the user is not allowed to run any commands on the host.

----
こがよういちろう


投稿者 xml-rpc : 2011年1月14日 08:43
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/101307
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。