A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. Upstream Patch: https://github.com/sudo-project/sudo/commit/e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c https://www.sudo.ws/repos/sudo/rev/b4f31dbe3109 Upstream release: https://www.sudo.ws/releases/legacy/#1.8.28 Red Hat Advisory: https://access.redhat.com/errata/RHBA-2019:3598 References: https://sudo.ws/pipermail/sudo-workers/2019-August/001248.html https://sudo.ws/pipermail/sudo-workers/2019-August/001249.html