sudo-1.7.2p1-14.AXS3.3

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.

Security issues fixed with this release:

• CVE-2012-3440
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

Fixed bugs:

• Previously, sudo escaped non-alphanumeric characters at the wrong place, which could interfere with the authorization process. This has been fixed.

• Sudo now uses SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK so that sudo can exit and send the correct output.

• Previously, updating the sudo package resulted in the "sudoers" line in "/etc/nsswitch.conf" being removed. This has been fixed

• Fixed a race condition in which a program executer by sudo could finish before sudo started waiting for it, leaving the program as a zombie, and sudo waiting for it. This has been fixed.

• Solved many regression problems introduced by previous updates leading to several services not starting.