RHBA-2011:0079 - Bug Fix Advisory

Topic

An updated sudo package that fixes various bugs is now available for Red Hat
Enterprise Linux 5.

Description

The sudo (superuser do) utility allows system administrators to give certain
users the ability to run commands as root.

This update fixes the following bugs:

• Due to an incorrect definition of a lexical analyzer rule, using a negated

user-specific "Defaults" directive failed with a parse error. With this update,
such directives are now parsed as expected. (BZ#580438)

• Prior to this update, the manual page for sudoers.ldap was not installed, even

though it contains important information on how to set up an LDAP sudoers source
and other documents refer to it. This error no longer occurs, and the manual
page is now properly included in the package. Additionally, various POD files
have been removed from the package, as they are required for build purposes
only. (BZ#583644)

• A comment regarding the "visiblepw" option of the "Defaults" directive has

been added to the default /etc/sudoers file to clarify its usage. (BZ#583911)

• A typing error in the sudoers manual page has been corrected. (BZ#602022)
• When the /etc/sudoers file contained entries with multiple hosts, running the

"sudo -l" command incorrectly reported that a certain user does not have
permissions to use sudo on the system. With this update, the underlying source
code has been modified to target this issue, and running the "sudo -l" command
now produces the correct output. (BZ#603819)

• Due to an incorrect handling of mixed case in user and group names, fetching

the information from Active Directory may have failed with a cache error. With
this update, an upstream patch has been applied to target this issue, and sudo
now works as expected. (BZ#615179)

All users of sudo are advised to upgrade to this updated package, which resolves
these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 580438 - Regression: sudoers parsing fails with Defaults_Type target including "!user"
• BZ - 583644 - .pod files are packaged under /usr/share/doc/sudo*, and man page for sudoers.ldap is missing
• BZ - 583683 - fix audit related code in configure.in (backport from Fedora)
• BZ - 583911 - Add comment about the visiblepw option into sudoers
• BZ - 602022 - sudoers(5) man page typo
• BZ - 603819 - sudo - fix printing of entries with multiple host entries on a single line.

CVEs

(none)

References

(none)