Lumension® Endpoint Intelligence Center

Overview

Id RHBA-2013:0112-01
Name Red Hat 2013:0112-01 RHBA sudo bug fix and enhancement update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Recommended
Language(s)
Operating System(s) Linux 
Released On 07 Jan 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHBA-2013-0112.html

Description

LSAC(v2)
The sudo (superuser do) utility allows system administrators to give specific users the ability to run commands as root.

This update fixes the following bugs:

* Previously, sudo escaped non-alphanumeric characters in commands using "sudo -s" or "sudo -" at the wrong place and interfered with the authorization process. Some valid commands were not permitted. Now, non-alphanumeric characters are escaped immediately before the command is executed and no longer interfere with the authorization process. (BZ#806073)

* Prior to this update, the sudo utility could fail to receive the SIGCHLD signal when it was executed from a process that blocked the SIGCHLD signal. As a consequence, sudo could become suspended and fail to exit. This update modifies the signal process mask so that sudo can exit and sends the correct output. (BZ#814508)

* The sudo update RHSA-2012:0309 introduced a regression that caused the SELinux context of the /etc/nsswitch.conf file to change during installation or upgrade of the sudo package. As a result, various services confined by SELinux could lose permission to access the file. In reported cases, this issue prevented PostgreSQL and Postfix from starting. (BZ#818585)

* Prior to this update, a race condition bug existed in sudo. When a program was executed with sudo, it could exit successfully before sudo started waiting for it. In this situation, the program became a defunct process and sudo waited for it endlessly because it expected the program to still be running. (BZ#829263)

* The sudo update RHSA-2012:0309 changed the behavior of sudo; it now runs commands as a child process instead of executing them directly and replacing the running process. This change could cause errors in some external scripts. A new cmnd_no_wait configuration option was added to restore the old behavior. To apply this option, add the following line to the /etc/sudoers file:

    Defaults cmnd_no_wait

  (BZ#840971)

* Updating the sudo package resulted in the "sudoers" line in /etc/nsswitch.conf being removed. This update corrects the bug in the sudo package's post-uninstall script that caused this issue. (BZ#841070)

* The RHSA-2012:1149 sudo security update introduced a regression that caused the permissions of the /etc/nsswitch.conf file to change during the installation or upgrade of the sudo package. This could cause various services to be unable to access the file. In reported cases, this bug prevented PostgreSQL from starting. This update fixes the bug and the file's permissions are no longer changed in the described scenario. (BZ#846631)

* The policycoreutils package dependency, which includes the restorecon utility, was set to Requires only. Consequently, the installation proceeded in the incorrect order and restorecon was required before it was installed. This bug has been fixed by using a context marked dependency "Requires(post)" and "Requires(postun)", and the installation now proceeds correctly. (BZ#846694)

Also, this update adds the following enhancement:

* The sudo utility is able to consult the /etc/nsswitch.conf file for sudoers entries and look them up in files or in LDAP. Previously, when a match was found in the first database of sudoers entries, the look-up operation still continued in other databases. This update adds an option to the /etc/nsswitch.conf file that allows specifying a database. Once a match was found in the specified database, the sear

Related Resources

Related Vulnerabilities

None

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:16:08