4.309. sudo

An updated sudo package that fixes one bug and introduces one feature enhancement is now available for Red Hat Enterprise Linux 6.

The sudo utility allows system administrators to give certain users the ability to run commands as root with logging.

BZ#709235: Prior to this update, sudo incorrectly searched for the Lightweight Directory Access Protocol (LDAP) configuration in the /etc/nss_ldap.conf file. This bug has been fixed in this update so that sudo now searches the /etc/nslcd.conf file.

BZ#709859: Because the sudo utility needs to be run with elevated privileges, the sudo package is now built with RELRO linker flags.

All users of sudo are advised to upgrade to this updated package, which fixes this bug and adds this enhancement.

Updated sudo packages that fix two bugs are now available for Red Hat Enterprise Linux 6.

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.

BZ#802440: A race condition in the signal handling code caused the sudo process to become unresponsive after receiving the SIGCHLD signal. This update modifies the signal handling to prevent the race condition, which ensures that the sudo process no longer hangs under these circumstances.
BZ#811879: The "-l" option is used to list allowed and forbidden commands for the invoking user or for the user specified by the "-U" option. However, previously, the getgrouplist() function incorrectly checked the invoker's group membership instead of the membership of the specified user. Consequently, using the "sudo" command with both the "-l" and "-U" options listed privileges granted to any group the invoker was a member of. The getgrouplist() function has been fixed to properly check the group membership of the intended user rather than checking the invoker's membership. This ensures that the required output is listed when using the "-l" and "-U options.

All users of sudo are advised to upgrade to these updated packages, which fix these bugs.