Sudo security advisory
Wesley Shields
wxs at FreeBSD.org
Mon Jan 30 16:50:47 UTC 2012
On Mon, Jan 30, 2012 at 10:56:44AM -0500, Mike Tancsa wrote:
> Hi,
>
>
> http://www.gratisoft.us/sudo/alerts/sudo_debug.html
>
> >From the advisory,
>
> Successful exploitation of the bug will allow a user to run arbitrary
> commands as root.
> Exploitation of the bug does *not* require that the attacker be listed
> in the sudoers file. As such, we strongly suggest that affected sites
> upgrade from affected sudo versions as soon as possible.
Turns out my son is taking a longer than usual nap, which gave me enough
time to get the update in the tree and a VuXML entry in for it. Please
wait for them to mirror out.
If you have any untrusted users you really should update quickly. If
there are any problems please let me know.
-- WXS
More information about the freebsd-ports
mailing list