Changelog
sudo (1.7.0-1ubuntu2.6) karmic-security; urgency=low
* SECURITY UPDATE: privilege escalation via -g when using group Runas_List
- pwutil.c, sudo.h: add user_in_group(), backported from upstream commits
48ca8c2eddf8, 72df368a8a0e and 6ebc55d4716b. This is intended to be used
only with check.c to fix CVE-2011-0010 instead of doing the refactoring.
Going forward, will need to look at this code also if a flaw is found in
this refactored code. If needed, the refactoring work is in 48ca8c2eddf8
and 6ebc55d4716b.
- check.c: prompt for password when the user is running sudo as himself
but as a different group. Based on fe8a94f96542.
- CVE-2011-0010
-- Jamie Strandboge <email address hidden> Wed, 19 Jan 2011 10:46:05 -0600