+++ This bug was initially created as a clone of Bug #151893 +++ Description of problem: sudo 1.6.8p7 was released on February 5th, 2005 - and Fedora Core Development only has 1.6.7p5. Vendor also says: "Please note: versions of Sudo prior to 1.6.8p2 are affected by a potential security flaw that could allow a malicious user to subvert Bash shell scripts." Version-Release number of selected component (if applicable): sudo-1.6.7p5-31 Actual results: Some patch merging is necessary and sudoedit (copy of sudo) should be removed including the duplicate of the man page: @@ -75,6 +66,8 @@ chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo +rm -f $RPM_BUILD_ROOT{%{_bindir}/sudoedit,%{_mandir}/man8/sudoedit*} + mkdir -p $RPM_BUILD_ROOT/etc/pam.d cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF #%PAM-1.0 Expected results: Upgrade to 1.6.8p7 ;-) Additional info: This upgrade would solve bug #151632. -- Additional comment from redhat-bugzilla on 2005-03-23 05:27 EST -- Created an attachment (id=112251) sudo-1.6.8p7-selinux.patch Hopefully, I didn't do any mistakes at patch merging... -- Additional comment from twoerner on 2005-04-12 08:29 EST -- Fixed in rawhide in rpm sudo-1.6.8p8-1 or newer. I had to rebuild the selinux patch, the result is similar to your patch, Thanks.
It will be very nice to have the last version of sudo in Entreprise version of RedHat Linux. (I'm using version 3 at work and I'm lacking this) Version 1.6.8 (in comparison of 1.6.7) allow a new tag to act like the dash of su - Regards,
The distrubution RHEL3 is __stable__ it means that some upstream version update is really unusual. Something like update to the lates version of any package is too dangerous step. We usually fix bugs only. Please, if you still think that your request should be accepted connect the official Red Hat support: http://www.redhat.com/apps/support/. Thanks.