UNIRAS Brief - 467/05 - Fedora - Two Update Notifications



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 467/05 dated 22.06.05  Time: 15:48  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Fedora - Two Update Notifications:
     1.  Fedora Core 4 Update: sudo-1.6.8p8-2.2
     2.  Fedora Core 4 Update: ruby-1.8.2-7.fc4.2


Detail
====== 

Update notification summaries:
    1.  fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
    2.  ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
        on XMLRPC server. (#161096)


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-473
2005-06-21
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : sudo
Version     : 1.6.8p8
Release     : 2.2
Summary     : Allows restricted root access for specified users.
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis.  It is not a replacement for the shell.  Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

- ---------------------------------------------------------------------

* Tue Jun 21 2005 Karel Zak <kzak@xxxxxxxxxx> 1.6.8p8-2.2

- - fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



2.



- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-475
2005-06-22
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : ruby
Version     : 1.8.2
Release     : 7.fc4.2
Summary     : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming.  It has many features to process text
files and to do system management tasks (as in Perl).  It is simple,
straight-forward, and extensible.

- ---------------------------------------------------------------------

* Wed Jun 22 2005 Akira TAGOH <tagoh@xxxxxxxxxx> - 1.8.2-7.fc4.2

- - ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
  on XMLRPC server. (#161096)


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQrl6FIpao72zK539AQF82QP/YeSKFk6T3IVc1anQ4dsddgiQ7roJsIyk
Rb8LsmbLsYoKw9Fh4w8uUnubh0DrL6VcwMXsH9Rx1eWep3VBFUVt3PVAtIcYOupM
q6YVQlme2veGmIknAaJFSrvQvPMh24Bo0KvbHJWNewsIuuCfBpmKHMVq2jVVuX8A
7X7XhuAINJs=
=Li8Y
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________