Bug 669626 - sudo-1.7.4p5 is available
Summary: sudo-1.7.4p5 is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sudo
Version: rawhide
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Daniel Kopeček
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-14 05:54 UTC by Upstream Release Monitoring
Modified: 2011-01-18 21:40 UTC (History)
3 users (show)

Fixed In Version: sudo-1.7.4p5-1.fc14
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-01-18 21:40:01 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Upstream Release Monitoring 2011-01-14 05:54:57 UTC 
Latest upstream release: 1.7.4p5
Current version in Fedora Rawhide: 1.7.4p4
URL: http://www.sudo.ws/sudo/dist/

Please consult the package update guidelines before you issue an update to a stable branch: https://fedoraproject.org/wiki/Package_update_guidelines

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 1 Account closed by user 2011-01-14 07:56:23 UTC 
Major changes between version 1.7.4p4 and 1.7.4p5:

    * A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag.

    * If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.

    * A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed.

    * A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors,.

    * A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag.

    * Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled.

    * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled.

    * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

    * A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host.
Comment 2 Account closed by user 2011-01-14 07:58:37 UTC 
1.7.4p5 fixes a bug that would allow a user to run a command with their own user ID but with a different group without entering a password. The bug only affects sudoers entries that include a Runas_Group as part of the rule and affects user authentication only. Please see the http://www.sudo.ws/sudo/alerts/runas_group_pw.html (security alert) for more details if you are using that feature. CVE CVE-2011-0010
Comment 3 Fedora Update System 2011-01-17 10:46:24 UTC 
sudo-1.7.4p5-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/sudo-1.7.4p5-1.fc14
Comment 4 Fedora Update System 2011-01-17 20:55:37 UTC 
sudo-1.7.4p5-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sudo'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sudo-1.7.4p5-1.fc14
Comment 5 Fedora Update System 2011-01-18 21:39:45 UTC 
sudo-1.7.4p5-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.