You are here

RHN Errata Alert: Updated sudo packages are available

AlbLinux's picture

RHN Errata Alert: Updated sudo packages are available

Complete information about this errata can be found at the following location:
https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1063

Security Advisory - RHSA-2002:071-07

RHN Errata Alert: Updated sudo packages are available

Summary:
Updated sudo packages are available

Updated sudo packages are available which fix a local root exploit.

Description:
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging.

Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can be exploited to allow a local attacker to gain root privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0184 to this issue.

Users of Sudo are advised to upgrade to these errata packages which are not vulnerable to this issue.

References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
http://www.globalintersec.com/adv/sudo-2002041701.txt
------------------------------------------------------------------------------

-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:

- select your server name by clicking on its name from the list
available at the following location, and then schedule an
errata update for it:
https://rhn.redhat.com/network/systemlist/system_list.pxt

- run the Update Agent on each affected server.

---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt

You can also enable/disable notification on a per system basis by selecting an individual system from the "Systems List". From the individual system view click the "Details" tab.

---------------------
Affected Systems List
---------------------
This Errata Advisory may apply to the systems listed below. If you know that this errata does not apply to a system listed, it might be possible that the package profile for that server is out of date. In that case you should run 'up2date -p' as root on the system in question to refresh your software profile.