Bug 669626

Summary: sudo-1.7.4p5 is available
Product: [Fedora] Fedora Reporter: Upstream Release Monitoring <upstream-release-monitoring>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: c719711, dkopecek, kzak
Target Milestone: ---Keywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sudo-1.7.4p5-1.fc14 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-18 21:40:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Upstream Release Monitoring 2011-01-14 05:54:57 UTC 
Latest upstream release: 1.7.4p5
Current version in Fedora Rawhide: 1.7.4p4
URL: http://www.sudo.ws/sudo/dist/

Please consult the package update guidelines before you issue an update to a stable branch: https://fedoraproject.org/wiki/Package_update_guidelines

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 1 Account closed by user 2011-01-14 07:56:23 UTC 
Major changes between version 1.7.4p4 and 1.7.4p5:

    * A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag.

    * If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.

    * A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed.

    * A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors,.

    * A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag.

    * Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled.

    * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled.

    * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

    * A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host.
Comment 2 Account closed by user 2011-01-14 07:58:37 UTC 
1.7.4p5 fixes a bug that would allow a user to run a command with their own user ID but with a different group without entering a password. The bug only affects sudoers entries that include a Runas_Group as part of the rule and affects user authentication only. Please see the http://www.sudo.ws/sudo/alerts/runas_group_pw.html (security alert) for more details if you are using that feature. CVE CVE-2011-0010
Comment 3 Fedora Update System 2011-01-17 10:46:24 UTC 
sudo-1.7.4p5-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/sudo-1.7.4p5-1.fc14
Comment 4 Fedora Update System 2011-01-17 20:55:37 UTC 
sudo-1.7.4p5-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sudo'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sudo-1.7.4p5-1.fc14
Comment 5 Fedora Update System 2011-01-18 21:39:45 UTC 
sudo-1.7.4p5-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.