——————————————————————————–
Fedora Update Notification
FEDORA-2015-2281
2015-02-18 23:40:18
——————————————————————————–

Name : sudo
Product : Fedora 21
Version : 1.8.12
Release : 1.fc21
URL : http://www.courtesan.com/sudo/
Summary : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

——————————————————————————–
Update Information:

– update to 1.8.12
– fixes CVE-2014-9680
——————————————————————————–
ChangeLog:

* Wed Feb 18 2015 Daniel Kopecek <dkopecek@redhat.com> – 1.8.12
– update to 1.8.12
– fixes CVE-2014-9680
* Mon Nov 3 2014 Daniel Kopecek <dkopecek@redhat.com> – 1.8.11p2-1
– update to 1.8.11p2
– added patch to fix upstream bug #671 — exiting immediately
when audit is disabled
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> – 1.8.11-1
– update to 1.8.11
– major changes & fixes:
– when running a command in the background, sudo will now forward
SIGINFO to the command
– the passwords in ldap.conf and ldap.secret may now be encoded in base64.
– SELinux role changes are now audited. For sudoedit, we now audit
the actual editor being run, instead of just the sudoedit command.
– it is now possible to match an environment variable’s value as well as
its name using env_keep and env_check
– new files created via sudoedit as a non-root user now have the proper group id
– sudoedit now works correctly in conjunction with sudo’s SELinux RBAC support
– it is now possible to disable network interface probing in sudo.conf by
changing the value of the probe_interfaces setting
– when listing a user’s privileges (sudo -l), the sudoers plugin will now prompt
for the user’s password even if the targetpw, rootpw or runaspw options are set.
– the new use_netgroups sudoers option can be used to explicitly enable or disable
netgroups support
– visudo can now export a sudoers file in JSON format using the new -x flag
– added patch to read ldap.conf more closely to nss_ldap
– require /usr/bin/vi instead of vim-minimal
– include pam.d/system-auth in PAM session phase from pam.d/sudo
– include pam.d/sudo in PAM session phase from pam.d/sudo-i
——————————————————————————–
References:

[ 1 ] Bug #1191144 – CVE-2014-9680 sudo: unsafe handling of TZ environment variable
https://bugzilla.redhat.com/show_bug.cgi?id=1191144
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update sudo’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

 

 

 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2015-2247
2015-02-18 23:39:01
——————————————————————————–

Name : sudo
Product : Fedora 20
Version : 1.8.12
Release : 1.fc20
URL : http://www.courtesan.com/sudo/
Summary : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

——————————————————————————–
Update Information:

– update to 1.8.12
– fixes CVE-2014-9680

Update to 1.8.11p2

Major upstream changes & fixes:
– when running a command in the background, sudo will now forward SIGINFO to the command
– the passwords in ldap.conf and ldap.secret may now be encoded in base64.
– SELinux role changes are now audited. For sudoedit, we now audit the actual editor being run, instead of just the sudoedit command.
– it is now possible to match an environment variable’s value as well as its name using env_keep and env_check
– new files created via sudoedit as a non-root user now have the proper group id
– sudoedit now works correctly in conjunction with sudo’s SELinux RBAC support
– it is now possible to disable network interface probing in sudo.conf by changing the value of the probe_interfaces setting
– when listing a user’s privileges (sudo -l), the sudoers plugin will now prompt for the user’s password even if the targetpw, rootpw or runaspw options are set.
– the new use_netgroups sudoers option can be used to explicitly enable or disable netgroups support
– visudo can now export a sudoers file in JSON format using the new -x flag

Distribution specific changes:
– added patch to read ldap.conf more closely to nss_ldap
– require /usr/bin/vi instead of vim-minimal
– include pam.d/system-auth in PAM session phase from pam.d/sudo
– include pam.d/sudo in PAM session phase from pam.d/sudo-i

——————————————————————————–
ChangeLog:

* Wed Feb 18 2015 Daniel Kopecek <dkopecek@redhat.com> – 1.8.12
– update to 1.8.12
– fixes CVE-2014-9680
* Mon Nov 3 2014 Daniel Kopecek <dkopecek@redhat.com> – 1.8.11p2-1
– update to 1.8.11p2
– added patch to fix upstream bug #671 — exiting immediately
when audit is disabled
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> – 1.8.11-1
– update to 1.8.11
– major changes & fixes:
– when running a command in the background, sudo will now forward
SIGINFO to the command
– the passwords in ldap.conf and ldap.secret may now be encoded in base64.
– SELinux role changes are now audited. For sudoedit, we now audit
the actual editor being run, instead of just the sudoedit command.
– it is now possible to match an environment variable’s value as well as
its name using env_keep and env_check
– new files created via sudoedit as a non-root user now have the proper group id
– sudoedit now works correctly in conjunction with sudo’s SELinux RBAC support
– it is now possible to disable network interface probing in sudo.conf by
changing the value of the probe_interfaces setting
– when listing a user’s privileges (sudo -l), the sudoers plugin will now prompt
for the user’s password even if the targetpw, rootpw or runaspw options are set.
– the new use_netgroups sudoers option can be used to explicitly enable or disable
netgroups support
– visudo can now export a sudoers file in JSON format using the new -x flag
– added patch to read ldap.conf more closely to nss_ldap
– require /usr/bin/vi instead of vim-minimal
– include pam.d/system-auth in PAM session phase from pam.d/sudo
– include pam.d/sudo in PAM session phase from pam.d/sudo-i
* Tue Aug 5 2014 Tom Callaway <spot@fedoraproject.org> – 1.8.8-5
– fix license handling
* Sat May 31 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.8.8-4
– Drop ChangeLog, we ship NEWS
* Mon Mar 10 2014 Daniel Kopecek <dkopecek@redhat.com> – 1.8.8-3
– remove bundled copy of zlib before compilation
– drop the requiretty Defaults setting from sudoers
* Sat Jan 25 2014 Ville Skyttä <ville.skytta@iki.fi> – 1.8.8-2
– Own the %{_libexecdir}/sudo dir.
——————————————————————————–
References:

[ 1 ] Bug #1191144 – CVE-2014-9680 sudo: unsafe handling of TZ environment variable
https://bugzilla.redhat.com/show_bug.cgi?id=1191144
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update sudo’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce