version 1.13, 2009/02/18 22:09:47 |
version 1.14, 2009/02/22 22:09:38 |
|
|
|
|
<ul> |
<ul> |
|
|
|
<li><a name="011_sudo"></a> |
|
<font color="#009000"><strong>011: SECURITY FIX: February 22, 2009</strong></font> <i>All architectures</i><br> |
|
sudo(8) may allow a user listed in the sudoers file to run a command |
|
as a different user than their access rule specifies when a Unix |
|
group is used in the RunAs portion of the rule. The bug only manifests |
|
when the user being granted privileges is also a member of the group |
|
in the RunAs portion of the rule. |
|
<br> |
|
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/011_sudo.patch"> |
|
A source code patch exists which remedies this problem</a>.<br> |
|
<p> |
|
|
<li><a name="010_bgpd"></a> |
<li><a name="010_bgpd"></a> |
<font color="#009000"><strong>010: RELIABILITY FIX: February 18, 2009</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>010: RELIABILITY FIX: February 18, 2009</strong></font> <i>All architectures</i><br> |
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing |
bgpd(8) did not correctly prepend its own AS to very long AS paths, causing |