Slackware Security Update: sudo

There’s a security update for the sudo package in recent Slackware versions. This includes 8.1, 9.0, 9.1, 10.0, 10.1 and current. A race condition could allow a user with sudo privileges to run arbitrary commands. Details are as follows:

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/sudo-1.6.8p9-i486-1.tgz: Upgraded to sudo-1.6.8p9.
This new version of Sudo fixes a race condition in command pathname handling that could allow a user with Sudo privileges to run arbitrary commands.
For full details, see the Sudo site:
http://www.courtesan.com/sudo/alerts/path_race.html
(* Security fix *)
+————————–+

You can use the Slackware package browser to obtain an updated version of this package for your Slackware installation. Lazier and smarter people like me will use updating tools such as Swaret or slapt-get 🙂

3 responses to “Slackware Security Update: sudo”.

  1. tyler Says:

    Hey, good find. I haven’t been staying up to date with changes in Slackware. Glad you’re around to do it for me Azmeen. 😉

  2. Lainie Says:

    not making a trip to kl for the pps meet? 🙂

  3. Site Admin Azmeen Says:

    Tyler: Thanks! A good way to be kept updated is to subscribe to the slackware-security mailing list 🙂

    Lainie: Unfortunately not. I just couldn’t schedule it in my oh-so-messy-life at the moment. Too many things to do, too little time. So I guess I just have to read about the meet when all the participants brag about how nice the meet turned out to be 🙂