sudo-1.7.4p5-7.AXS4

Errata ID: AXSA:2011-635:01

Release date: 
2011/12/28 Wednesday - 12:19
Title: 
sudo-1.7.4p5-7.AXS4
Affected channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
Security issues fixed with this release:
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Fixed bugs:
- With "/etc/sudoers" files containing several host entries, the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. This has been fixed.
- The manual page for sudoers.ldap is now properly included in the package. Additionally, various POD files only needed for building purposes have been removed from the package.
- sudo now uses the same location for the LDAP configuration files as the nss_ldap package, in the /etc/nslcd.conf file.
- When editing a file with the "sudo -e file" or the "sudoedit file" command, the editor was logged only as "sudoedit". The full path to the executable being used as an editor is now logged.
- Added a comment regarding the "visiblepw" option of the "Defaults" directive to the default "/etc/sudoers" file to clarify its usage.
- Upgraded sudo to upstream version 1.7.4p5, which provides many bug fixes and enhancements.
Enhancement:
- The sudo package is now built with RELRO linker flags because it needs to be run with elevated privileges.
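
The CVE-2011-0010 entry above applies only when a Runas group is configured, so an audit needs both the sudo version and the sudoers rules. The following is an added example, not part of the original advisory or of sudo itself: it flags sudo 1.7.x versions older than 1.7.4p5 and lists the rules whose Runas specification has a group part. The function names and the sample sudoers text are constructed for illustration; it assumes a single sudoers file (include directives are not followed and Runas_Alias names are not expanded).

```python
import re

FIXED = (1, 7, 4, 5)  # 1.7.4p5, the fixed release named in the advisory

def parse_sudo_version(text):
    """Turn '1.7.4p5' or 'Sudo version 1.7.4p5' into (1, 7, 4, 5)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?", text)
    if not m:
        raise ValueError("no sudo version in %r" % text)
    return tuple(int(g) if g else 0 for g in m.groups())

def version_affected(text):
    """True for sudo 1.7.x releases older than 1.7.4p5."""
    v = parse_sudo_version(text)
    return v[:2] == (1, 7) and v < FIXED

# Runas spec with a non-empty group part: "(users : groups)" or "(: groups)".
RUNAS_GROUP = re.compile(r"\(\s*[^():]*:\s*[^()\s][^()]*\)")

def runas_group_rules(sudoers_text):
    """Return the sudoers rules that configure a Runas group."""
    rules = []
    joined = sudoers_text.replace("\\\n", " ")  # join continuation lines
    for line in joined.splitlines():
        # Drop comments; '#' followed by a digit is a uid, not a comment.
        rule = re.sub(r"#(?!\d).*", "", line).strip()
        if rule and RUNAS_GROUP.search(rule):
            rules.append(rule)
    return rules

def audit(version_text, sudoers_text):
    """Rules to review on an affected version; empty list otherwise."""
    return runas_group_rules(sudoers_text) if version_affected(version_text) else []

# Constructed sample input, not taken from any real system.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults    env_reset
alice  ALL = (root : operator) /bin/ls
bob    ALL = (: wheel) NOPASSWD: /usr/bin/id   # group only
carol  ALL = (root) NOPASSWD: /bin/true
dave   ALL = (ALL : ALL) \\
             ALL
"""

if __name__ == "__main__":
    for rule in audit("Sudo version 1.7.4p4", SAMPLE_SUDOERS):
        print("review:", rule)
```

On a real host, pass the first line of `sudo -V` as the version text and the contents of `/etc/sudoers` as the rules text.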

Solution: 

Update packages.

Additional information: 

From Asianux Server 4 SP1.

Download: 

SRPMS
  1. sudo-1.7.4p5-7.AXS4.src.rpm
    MD5: a73e1d8ba10b10976dca9d4edad493b2
    SHA-256: 7da3674e4c974a9ca1ff0d408fe176f519ee7c1bb0d50e1da882bf45b58843df
    Size: 972.62 kB

Asianux Server 4 for x86
  1. sudo-1.7.4p5-7.AXS4.i686.rpm
    MD5: 317fd32f9ff6905775078efa5f2e58c1
    SHA-256: 5d604227103d224f4884b0ea780683d47a780abaf88a44a8aa6511f631c5f4aa
    Size: 413.41 kB

Asianux Server 4 for x86_64
  1. sudo-1.7.4p5-7.AXS4.x86_64.rpm
    MD5: c34ba4216e11ce4abe789ad11b8be114
    SHA-256: ad6f7d72b42bd6523a5cf7cab48f3c079428b81be46f267f2b890d7f70f5300b
    Size: 416.89 kB