sudo-1.7.2p1-13.AXS3

Errata ID: AXSA:2012-350:01

Release date: Thursday, March 15, 2012 - 20:52
Subject: sudo-1.7.2p1-13.AXS3
Affected Channels: Asianux Server 3 for x86_64, Asianux Server 3 for x86
Severity: High
Description: 

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
Security issues fixed with this release:
• CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
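
CVE-2011-0010 as described above only matters where a Runas group is configured. The following is an added example, not part of this advisory or of the sudo project: a Python script that lists the sudoers user specifications granting a Runas group, so they can be reviewed on hosts still awaiting the update. The function names and the sample file are constructed for illustration, and it assumes a single sudoers file (#include lines are skipped, not followed).

```python
import re
# Runas_Spec syntax in sudoers: "(userlist : grouplist)"; either side may be empty.
RUNAS_SPEC = re.compile(r"\(([^():]*)(?::([^()]*))?\)")
TAGS = re.compile(r"\s*((?:[A-Z_]+:\s*)*)")  # e.g. "NOPASSWD: NOEXEC:"
NOT_A_RULE = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = start or num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def runas_group_rules(text):
    """Return the user specifications that grant a Runas group."""
    findings = []
    for num, line in logical_lines(text):
        # Drop comments and #include lines; "#<digits>" stays, it is uid/gid syntax.
        line = re.sub(r"#(?!\d).*", "", line).strip()
        if not line or line.startswith(NOT_A_RULE) or "=" not in line:
            continue
        who, rhs = line.split("=", 1)
        for m in RUNAS_SPEC.finditer(rhs):
            group = (m.group(2) or "").strip()
            if not group:
                continue  # no Runas group in this spec
            tags = TAGS.match(rhs, m.end()).group(1)
            findings.append({"line": num, "who": who.split()[0],
                             "runas_user": m.group(1).strip(), "runas_group": group,
                             "nopasswd": "NOPASSWD:" in tags})
    return findings

# Constructed sample, not taken from a real system.
SAMPLE = """\
Defaults env_reset
Runas_Alias OPS = operator
alice ALL = (root) /usr/bin/id
bob ALL = (: backup) /usr/bin/tar   # gid-only grant
carol ALL = (OPS : adm, wheel) NOPASSWD: \\
    /usr/bin/less /var/log/messages
%#500 ALL = (#0) /bin/true
"""

if __name__ == "__main__":
    print(*runas_group_rules(SAMPLE), sep="\n")
```

Entries reported with `nopasswd` false are the ones where a password prompt is expected and therefore the ones to check first.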
Fixed bugs:
• Running the sudo utility with the -g option when configured not to ask for the user's password caused a segmentation fault. This has been fixed.
• Added a sudoers entry to the nsswitch.conf file on install (it is deleted on uninstall) so that the sudo tool loads sudoers from an LDAP server after a sudo upgrade.
• Fixed the parsing of the comment characters (#) in the ldap.conf file.
• sudo does not format its output to the width of the terminal window when the output is redirected through a pipeline.
• Fixed bug in Runas_Spec group matching: the Runas group aliases are honored as expected.
• Previously, after switching to an unprivileged user, sudo performed some SELinux related initialization: this could prevent the correct setup of the SELinux environment and potentially cause an access denial. Backporting the SELinux related code fixed the problem.
• Before reporting an execv(3) function failure, sudo performed an auditing call which reset the error state, thus making the tool report a command success. This has been fixed.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. sudo-1.7.2p1-13.AXS3.src.rpm
    MD5: f3ff7b5720389d508cb966c788ab4af8
    SHA-256: 67bd88175b240d6fe2478000f0ac743105a2a8fb3c1920ee4008b0f8226e3215
    Size: 853.07 kB

Asianux Server 3 for x86
  1. sudo-1.7.2p1-13.AXS3.i386.rpm
    MD5: 664b8167472367bba611fb5571e6e877
    SHA-256: 612c0b89993cbdb1f87690c31140ecf2ac393efa6369eaf7d6517b94561bab4a
    Size: 352.01 kB

Asianux Server 3 for x86_64
  1. sudo-1.7.2p1-13.AXS3.x86_64.rpm
    MD5: bb61c8f2d21bbed9d26156d85645b13f
    SHA-256: d700175b3a40b7ecd90aff41ea3a214ff0f6b787e0133e4cc5315e410d3fc947
    Size: 358.80 kB