Flubber Posted September 7, 2010 Report Share Posted September 7, 2010 Priority======[B]Medium[/B]Description=========A security flaw was found in the way Sudo performed matchingfor user described by a password against the list of members,allowed to run particular sudo command, when the group optionwas specified on the command line. If a local, unprivilegeduser was authorized by sudoers file to run their sudo commandswith permissions of a particular group (different to their own),it could lead to privilege escalation (execution of that sudocommand with permissions of privileged user account (root)).References=========http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956http://www.sudo.ws/sudo/alerts/runas_group.htmlhttp://www.ubuntu.com/usn/usn-983-1Notes=====jdstrand> root escalation, but requires non-standard sudoers setupjdstrand> sudo 1.6 is not affected (does not have '-g' option)Assigned-to=========jdstrandPackage=======Source: sudo (LP Ubuntu Debian)---------------------------------------------------Ubuntu 6.06 LTS (Dapper Drake): not-affectedUbuntu 8.04 LTS (Hardy Heron): not-affectedUbuntu 9.04 (Jaunty Jackalope): not-affectedUbuntu 9.10 (Karmic Koala): released (1.7.0-1ubuntu2.5)Ubuntu 10.04 LTS (Lucid Lynx): released (1.7.2p1-1ubuntu5.2)Ubuntu 10.10 (Maverick Meerkat): released (1.7.2p7-1ubuntu2)Faceti update.Source: CVE-2010-2956 in Ubuntu Quote Link to comment Share on other sites More sharing options...
Nytro Posted September 8, 2010 Report Share Posted September 8, 2010 Mi-a venit si mie update-ul pentru asta de la OpenSUSE. Avantajul open-source-ingului...Si mi-au venit mai multe update-uri de securitate pentru kernel, faceti update. Quote Link to comment Share on other sites More sharing options...
BogdanNBV Posted September 9, 2010 Report Share Posted September 9, 2010 ca sa nu mai deschid alt topic... eu ieri am updatat ubuntu 9.10 la 10.04 mergea fara probleme si am zis sa il updatez pe 10.04 la 10.10 si ca sa vezi ca prin minune nu alta... nu a mers... mergea in modul fara grafica... era doar terminalul pe tot ecranul... imi cerea sa ma loghez m-am loghat si nu am reusit sa aflu prea multe de ce mama lui nu mergea... cred ca o fi de la driverele placii video. Deci imi puteti spune cum sa fac sa updatez la 10.10 si sa mearga ? va rog sau sa astept pana apare stabil nu beta? Quote Link to comment Share on other sites More sharing options...
Flubber Posted September 9, 2010 Author Report Share Posted September 9, 2010 ca sa nu mai deschid alt topic... eu ieri am updatat ubuntu 9.10 la 10.04 mergea fara probleme si am zis sa il updatez pe 10.04 la 10.10 si ca sa vezi ca prin minune nu alta... nu a mers... mergea in modul fara grafica... era doar terminalul pe tot ecranul... imi cerea sa ma loghez m-am loghat si nu am reusit sa aflu prea multe de ce mama lui nu mergea... cred ca o fi de la driverele placii video. Deci imi puteti spune cum sa fac sa updatez la 10.10 si sa mearga ? va rog sau sa astept pana apare stabil nu beta?Am inteles tot, un debug nu dai si tu? Log? Este vreo problema cu "Xserver-org" (specifica ceva de el)? Socket error? Asta am patit si eu aseara dupa ce mi-am bagat nasul in tool-ul pentru "laptop lcd brightness" a trebuit sa scot xserver-ul si sa-l instalez la loc. Ma atentiona ca nu am instalat cum trebuie "Gnome" power manager (sau ceva de genul).LE: Referitor la mai sus, la login dupa ce imi booteaza imi zice "The configuration defaults for GNOME Power Manager have not been installed correctly. Please contact your computer administrator.", este in mare parte din cauza la putin spatiu pe disc dedicat Ubuntu-ului (ceea ce este adevarat.. mai am cam ~100 mb ramasi liberi... lul).Am gasit un fix aici (care nu l-am testat inca, dar altii au raportat ca le-a mers): http://www.absolutelytech.com/2010/04/13/solved-unable-to-boot-due-to-gnome-power-manager-error/ Quote Link to comment Share on other sites More sharing options...
