Your message dated Mon, 05 Jun 2017 12:48:42 +0000
with message-id <e1dhrr4-0005jg...@fasolo.debian.org>
and subject line Bug#863897: fixed in sudo 1.8.20p1-1.1
has caused the Debian Bug report #863897,
regarding sudo: CVE-2017-1000368: Arbitrary terminal access due to issue in 
parsing /proc/[pid]/stat when process name contains newline
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sudo
Version: 1.8.10p3-1
Severity: important
Tags: patch upstream

Hi

sudo 1.8.20p2 fixes an issue in parsing /proc/[pid]/stat when the
process name contains a newline.

The bug is not exploitable due to the changes in how /dev is traversed
made in sudo 1.8.20p1 for CVE-2017-1000367.

Still it is probably good to have it fixed in a point release as well
for stable releases (or if accepted by the release team as well
targeted for stretch).

Announce:
https://www.sudo.ws/pipermail/sudo-announce/2017-May/000155.html

Regards,
Salvatore

--- End Message ---
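
Added example, not part of the original message and not sudo's own code: a C parser for /proc/[pid]/stat that keeps the fields aligned when the process name contains a newline, a space or ')'. The name stat_tty_nr and the sample line are constructed for illustration; the field layout (comm as field 2, tty_nr as field 7) is taken from proc(5).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not sudo's code): return tty_nr, field 7 of
 * /proc/[pid]/stat per proc(5), from the COMPLETE file contents. comm
 * (field 2) sits in parentheses and may contain spaces, newlines and ')',
 * so the only reliable delimiter is the LAST ')' in the buffer.
 * Returns 0 and sets *tty_nr, or -1 on malformed input. */
int stat_tty_nr(const char *buf, size_t len, int *tty_nr)
{
    const char *end = buf + len, *p = NULL;
    char tail[128], state;
    int ppid, pgrp, session, tty;
    size_t n;
    for (const char *q = buf; q < end; q++)  /* portable memrchr(buf, ')', len) */
        if (*q == ')')
            p = q;
    if (p == NULL || p + 1 >= end)
        return -1;                           /* no comm terminator, or nothing after it */
    n = (size_t)(end - (p + 1));
    if (n >= sizeof(tail))
        n = sizeof(tail) - 1;                /* fields 3..7 fit well within 127 bytes */
    memcpy(tail, p + 1, n);
    tail[n] = '\0';
    /* Fields after comm: state ppid pgrp session tty_nr ... */
    if (sscanf(tail, " %c %d %d %d %d", &state, &ppid, &pgrp, &session, &tty) != 5)
        return -1;
    *tty_nr = tty;
    return 0;
}

int main(void)
{
    /* Constructed sample: comm is "a b\n) c" (space, newline and ')' inside). */
    const char sample[] = "4242 (a b\n) c) S 1 4242 4242 34816 4242 4194304\n";
    char buf[4096];
    int tty;
    FILE *fp = fopen("/proc/self/stat", "r");
    if (stat_tty_nr(sample, sizeof(sample) - 1, &tty) == 0)
        printf("sample tty_nr: %d\n", tty);
    /* Read the whole file at once; a line-oriented read stops inside comm. */
    if (fp != NULL) {
        size_t n = fread(buf, 1, sizeof(buf), fp);
        fclose(fp);
        if (stat_tty_nr(buf, n, &tty) == 0)
            printf("own tty_nr: %d\n", tty);
    }
    return 0;
}
```
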
--- Begin Message ---
Source: sudo
Source-Version: 1.8.20p1-1.1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Jun 2017 14:19:33 +0200
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.8.20p1-1.1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 863897
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Changes:
 sudo (1.8.20p1-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Use /proc/self consistently on Linux
   * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
Checksums-Sha1: 
 632b59c58896d36142379c33d11e2d34fe029fdd 2162 sudo_1.8.20p1-1.1.dsc
 f1b0157950c46e859f4a2038322b09aa1f83e2b7 24368 sudo_1.8.20p1-1.1.debian.tar.xz
Checksums-Sha256: 
 a9db40dc5f6c7b318cb4e3dea0263f9c3989c034f107155f437f4766d06b6ff1 2162 sudo_1.8.20p1-1.1.dsc
 51d76c6cb6d83e6b1dd7598c8fb265344b03593bcefeb5c3d4e4901df8404439 24368 sudo_1.8.20p1-1.1.debian.tar.xz
Files: 
 472bbc089e135e6d885f7a20a8f0ca54 2162 admin optional sudo_1.8.20p1-1.1.dsc
 1a108f88581121c6c2d07235e355120a 24368 admin optional sudo_1.8.20p1-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
