Download | Devuan.org | Git | Bugs | Packages

The officially official Devuan Forum!

You are not logged in.

Pages: 1

#1 Documentation » Does devuan has its own metadata service? » 2023-06-26 13:19:35

superurmel
Replies: 0

Hi,

on StackExchange I opened a question "stable package is different to rmadison query" on https://unix.stackexchange.com/question … ison-query

One respond was if Devuan has its own metadata service?
" [ ... ] if Devuan has an appropriate metadata service (Madison), you can tell rmadison to use that with the -u option; [ ... ]"

Does Devuan has its own metadata service (Madison)?

#2 Re: News & Announcements » Sudo Vulnerability CVE-2021-3156 » 2021-10-06 05:18:05

superurmel
GlennW wrote:

Now I'm confused. And I don't use sudo or would have it installed if I could arrange it.

Using the example above... I get

glenn@asus-r552jv:~$ sudoedit -s /
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
glenn@asus-r552jv:~$

My bad. I used the command wrong.

~ % sudoedit -s/
sudoedit: Ungültige Option -- /
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p
                prompt] [-T timeout] [-u user] file ...

I also get this

~ % sudoedit -s /
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p
                prompt] [-T timeout] [-u user] file ...

I will give doas a try.

#3 Re: News & Announcements » Sudo Vulnerability CVE-2021-3156 » 2021-10-05 10:20:49

superurmel

Thanks for the reply GlennW

hope this helps.

It still confuses me. I thought that, because I'm on stable, I should get security patches.

As I have sudo version 1.8.27-1+deb10u3, I think I still have the vulnerable version.

Affected version
sudo: 1.8.2 – 1.8.31p2
sudo: 1.9.0 – 1.9.5p1

I'm confused hmm

SOLVED:

Ok, after a little search on debian.org if found out that the version I have (1.8.27-1+deb10u3) is fixed!

I have the fixed version (https://www.debian.org/security/2021/dsa-4839) but still the behavior described on https://haxf4rall.com/2021/01/27/cve-20 … ity-alert/.

How to exploit this bug

Log in to the system as a non-root user and use the command sudoedit -s /

    -If you see an error that starts with sudoedit:, it indicates that there is a vulnerability.
    -If you see an error starting with usage:, then the patch has taken effect.

#4 Re: News & Announcements » Sudo Vulnerability CVE-2021-3156 » 2021-10-05 09:55:59

superurmel
dice wrote:

if you havent apt updated in a while today would be the day to do it if you use sudo.

Affected version
sudo: 1.8.2 – 1.8.31p2
sudo: 1.9.0 – 1.9.5p1

Solution
In this regard, we recommend that users upgrade sudo to the latest version in time.

Hi. I don't understand. I do check for updates regulary. My version von sudo is:

~ % apt list sudo -a         
Auflistung... Fertig
sudo/stable,stable-security,now 1.8.27-1+deb10u3 amd64  [installiert]
sudo/stable,stable-security 1.8.27-1+deb10u3 i386

And I'm on Devuan 3.1.

My sources-list:

## package repositories
deb http://deb.devuan.org/merged beowulf main contrib non-free
deb http://deb.devuan.org/merged beowulf-updates main contrib non-free
deb http://deb.devuan.org/merged beowulf-security main contrib non-free
deb http://deb.devuan.org/merged beowulf-backports main contrib non-free

What is it I do not understand?
Do I something wroing?

Pages: 1

Board footer

Forum Software