CPNI - Centre for the Protection of National Infrastructure


June 2005

Fedora - Two Update Notifications: 1. Fedora Core 4 Update: sudo-1.6.8p8-2.2 -- 2. Fedora Core 4 Update: ruby-1.8.2-7.fc4.2

ID: 00507
Ref: 467/2005
Date: 22 June 2005:16:17:36
Version: 1

Title: Fedora - Two Update Notifications: 1. Fedora Core 4 Update: sudo-1.6.8p8-2.2 -- 2. Fedora Core 4 Update: ruby-1.8.2-7.fc4.2
Abstract: 1. fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution -- 2. ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution on XMLRPC server. (#161096)
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora


Title
=====
Fedora - Two Update Notifications:
1. Fedora Core 4 Update: sudo-1.6.8p8-2.2
2. Fedora Core 4 Update: ruby-1.8.2-7.fc4.2


Detail
======

Update notification summaries:
1. fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
2. ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
on XMLRPC server. (#161096)


Update notification content follows:


1.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-473
2005-06-21
---------------------------------------------------------------------

Product : Fedora Core 4
Name : sudo
Version : 1.6.8p8
Release : 2.2
Summary : Allows restricted root access for specified users.
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

---------------------------------------------------------------------

* Tue Jun 21 2005 Karel Zak 1.6.8p8-2.2

- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------



2.



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-475
2005-06-22
---------------------------------------------------------------------

Product : Fedora Core 4
Name : ruby
Version : 1.8.2
Release : 7.fc4.2
Summary : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

---------------------------------------------------------------------

* Wed Jun 22 2005 Akira TAGOH - 1.8.2-7.fc4.2

- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
on XMLRPC server. (#161096)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


