Bdale Garbee schrieb:
> On Wed, 21 Apr 2010 09:07:30 +0200, Ralf Gross
> <ralf.gr...@stz-softwaretechnik.com> wrote:
> > Package: sudo
> > Version: 1.6.9p17-2+lenny1
>
> Where did you get this version? It's not one of mine.
Simple lenny update, seems to be a security release.
$apt-cache policy sudo
sudo:
Installiert: 1.6.9p17-2+lenny1
Kandidat: 1.6.9p17-2+lenny1
Versions-Tabelle:
*** 1.6.9p17-2+lenny1 0
900 http://debian lenny/updates/main Packages
100 /var/lib/dpkg/status
1.6.9p17-2 0
900 http://debian lenny/main Packages
http://packages.debian.org/lenny/sudo
Paket: sudo (1.6.9p17-2+lenny1) [security]
2010
sudo (1.6.9p17-2+lenny1) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command
(Closes: #570737)
* Fixed CVE-2010-0427: When changing the runas user, reset any aux runas
groups we have cached.
-- Giuseppe Iuculano <iucul...@debian.org> Tue, 02 Mar 2010 15:22:43 +0100
> It's possible that one of the fixes for priv escalation holes found in those
> older versions of sudo might be causing the problem. I'd love to know
> if 1.7.2p6-1 which I uploaded to unstable yesterday works for you or
> not, it should back-port to lenny ok, but I haven't tried.
Hm, this version is not available on out local mirror yet. Instead I tried
1.7.2p5-1 from sid, which could be installed without problem on lenny.
The problem seems to be solved with this version:
snmpget -v2c -t 60 -c xxxx -OvQ vumem004
'NET-SNMP-EXTEND-MIB::nsExtendOutputFull."check_areca"'
OK: Controller number: 1 Raid Number: 1 RAID level: Raid6 Capacity: 4000.0GB
State: Normal
What does this mean for the lenny version of sudo? Is it a "broken" security
update?
Ralf
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
