Nom du paquet
sudo
Date
2012-05-21
Advisory ID
MDVSA-2012:079
Affected versions
MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in sudo:

A flaw exists in the IP network matching code in sudo versions 1.6.9p3
through 1.8.4p4 that may result in the local host being matched
even though it is not actually part of the network described by the
IP address and associated netmask listed in the sudoers file or in
LDAP. As a result, users authorized to run commands on certain IP
networks may be able to run commands on hosts that belong to other
networks not explicitly listed in sudoers (CVE-2012-2337

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 b713c66d70635d93ccf68864c8849fe8  mes5/i586/sudo-1.7.4p6-0.2mdvmes5.2.i586.rpm 
 1de7c7de8f1764ecad9d727bae373fa7  mes5/SRPMS/sudo-1.7.4p6-0.2mdvmes5.2.src.rpm

2010.1 i586

 10f9635c97df775aa2e84eea10cc2520  2010.1/i586/sudo-1.7.4p6-0.2mdv2010.2.i586.rpm 
 172ec1e9eb59daf6c619083544395615  2010.1/SRPMS/sudo-1.7.4p6-0.2mdv2010.2.src.rpm

2011 x86_64

 c1a370556138f31669c713c7544ee042  2011/x86_64/sudo-1.7.6p2-1.1-mdv2011.0.x86_64.rpm 
 54e9566af0fc7a350b91a14351e83a9c  2011/SRPMS/sudo-1.7.6p2-1.1.src.rpm

2011 i586

 4eaa11586daaf481506b9383462e11b1  2011/i586/sudo-1.7.6p2-1.1-mdv2011.0.i586.rpm 
 54e9566af0fc7a350b91a14351e83a9c  2011/SRPMS/sudo-1.7.6p2-1.1.src.rpm

MES5 x86_64

 6cabbb3df9d3ab16adb1f29b42ec24c5  mes5/x86_64/sudo-1.7.4p6-0.2mdvmes5.2.x86_64.rpm 
 1de7c7de8f1764ecad9d727bae373fa7  mes5/SRPMS/sudo-1.7.4p6-0.2mdvmes5.2.src.rpm

2010.1 x86_64

 7c223e5185387d690b1fd5c9aedbb072  2010.1/x86_64/sudo-1.7.4p6-0.2mdv2010.2.x86_64.rpm 
 172ec1e9eb59daf6c619083544395615  2010.1/SRPMS/sudo-1.7.4p6-0.2mdv2010.2.src.rpm

References