Your message dated Mon, 05 Jun 2017 17:04:40 +0000
with message-id <e1dhvqm-0004fy...@fasolo.debian.org>
and subject line Bug#863897: fixed in sudo 1.8.19p1-2.1
has caused the Debian Bug report #863897,
regarding sudo: CVE-2017-1000368: Arbitrary terminal access due to issue in 
parsing /proc/[pid]/stat when process name contains newline
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sudo
Version: 1.8.10p3-1
Severity: important
Tags: patch upstream

Hi

sudo 1.8.20p2 fixes an issue in parsing /proc/[pid]/stat when the
process name contains a newline.

The bug is not exploitable due to the changes in how /dev is traversed
made in sudo 1.8.20p1 for CVE-2017-1000367.

Still it is probably good to have it fixed in a point release as well
for stable releases (or if accepted by the release team as well
targeted for stretch).

Announce:
https://www.sudo.ws/pipermail/sudo-announce/2017-May/000155.html

Regards,
Salvatore

--- End Message ---
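
Added example (not part of the bug report and not sudo's source code): a simplified illustration of why a line-oriented read of /proc/[pid]/stat misparses a process name containing a newline, next to a parse of the whole buffer. The sample stat contents, function names and tty numbers are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples of /proc/[pid]/stat content (cut off after a few
 * fields). In TRICKY the process name is "a) R 1 1 1 5\nb". */
static const char PLAIN[]  = "1234 (bash) S 1 1234 1234 34816 1234 4194304\n";
static const char TRICKY[] = "4242 (a) R 1 1 1 5\nb) S 1 4242 4242 34817 4242 4194304\n";

/* Field 2 (comm) is wrapped in parentheses and may itself contain spaces,
 * ')' and newlines; every later field is a state letter or a number.
 * So comm ends at the LAST ')' and tty_nr (field 7) is the 5th value
 * after it. Returns -1 if the text does not parse. */
static long tty_after_last_paren(const char *text)
{
    const char *end = strrchr(text, ')');
    char state;
    long ppid, pgrp, session, tty_nr;
    if (end == NULL)
        return -1;
    if (sscanf(end + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

/* Fragile: parses only up to the first '\n', as a line-based reader would. */
static long tty_from_first_line(const char *stat)
{
    char line[256];
    size_t n = strcspn(stat, "\n");
    if (n >= sizeof(line))
        return -1;
    memcpy(line, stat, n);
    line[n] = '\0';
    return tty_after_last_paren(line);
}

/* Robust: parse the whole buffer, so a newline in comm cannot cut it short. */
static long tty_from_whole_file(const char *stat)
{
    return tty_after_last_paren(stat);
}

int main(void)
{
    printf("plain : line=%ld whole=%ld\n", tty_from_first_line(PLAIN), tty_from_whole_file(PLAIN));
    printf("tricky: line=%ld whole=%ld\n", tty_from_first_line(TRICKY), tty_from_whole_file(TRICKY));
    return 0;
}
```

On the constructed TRICKY input the line-based variant returns the number embedded in the process name, while the whole-buffer variant returns the real field 7.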
--- Begin Message ---
Source: sudo
Source-Version: 1.8.19p1-2.1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Jun 2017 14:22:55 +0200
Source: sudo
Binary: sudo sudo-ldap
Architecture: source
Version: 1.8.19p1-2.1
Distribution: stretch
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 863897
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Changes:
 sudo (1.8.19p1-2.1) stretch; urgency=high
 .
   * Non-maintainer upload.
   * Use /proc/self consistently on Linux
   * CVE-2017-1000368: Arbitrary terminal access (Closes: #863897)
Checksums-Sha1: 
 389d97a5450dea0ba937c08514ed2b94bd4ba6eb 2162 sudo_1.8.19p1-2.1.dsc
 aca0feb33f0163911502ee1d0675bb09177e6f95 26228 sudo_1.8.19p1-2.1.debian.tar.xz
Checksums-Sha256: 
 e7bac2de56bdab027eaa0087a15b9558e57f27cfa49de43cac3d8cd5019b932b 2162 sudo_1.8.19p1-2.1.dsc
 3152691a37e26e26d6829853c607ec6db9aaa1a50a1ea87a4dee2cbecaff29bd 26228 sudo_1.8.19p1-2.1.debian.tar.xz
Files: 
 fc0e06c179860d8532d80c77aafeb9b6 2162 admin optional sudo_1.8.19p1-2.1.dsc
 296aeafeeef6279358c2d5a68b36eba4 26228 admin optional sudo_1.8.19p1-2.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
