LinuxSecurity.com: A vulnerability has been found and corrected in git:Stack-based buffer overflow in the is_git_directory function in setup.cin Git before 22.214.171.124 allows local users to gain privileges via along gitdir: field in a .git file in a working copy (CVE-2010-2542).[More...]
LinuxSecurity.com: A vulnerability has been discovered and corrected in sudo:
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and
1.7.0 through 1.7.2p6 does not properly handle an environment that
contains multiple PATH variables, which might allow local users
I often hear people citing sudo as one of the main barriers to malware infecting a Linux computer.
The most commen argument seems to go along the lines of: Root privileges are required to modify system configuration, and a password is required to gain root privileges, so malware can't modify system configuration without prompting for a password.
But it seems to me that by default on most systems
LinuxSecurity.com: Multiple vulnerabilities have been fixed in Apache, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service).
LinuxSecurity.com: Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to [More...]