touch-packages team mailing list archive
Message #77908
[Bug 1451274] Re: sudo does not check fdqn properly
This bug was fixed in the package sudo - 1.8.12-1ubuntu1
---------------
sudo (1.8.12-1ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. (LP: #1451274, LP: #1219337)
    Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - debian/control:
      + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + debian/patches/also_check_sudo_group.diff: also check the sudo group
        in plugins/sudoers/sudoers.c to create the admin flag file. Leave the
        admin group check for backwards compatibility.
  * Dropped patches no longer needed:
    + add_probe_interfaces_setting.diff
    + actually-use-buildflags.diff
    + CVE-2014-9680.patch

sudo (1.8.12-1) unstable; urgency=low

  * new upstream version, closes: #772707, #773383
  * patch from Christian Kastner to fix sudoers handling error when moving
    between sudo and sudo-ldap packages, closes: #776137

sudo (1.8.11p2-1) unstable; urgency=low

  * new upstream version

sudo (1.8.11p1-2) unstable; urgency=low

  * patch from Jakub Wilk to fix 'ignoring time stamp from the future'
    messages, closes: #762465
  * upstream patch forwarded by Laurent Bigonville that fixes problem with
    Linux kernel auditing code, closes: #764817

sudo (1.8.11p1-1) unstable; urgency=low

  * new upstream version, closes: #764286
  * fix typo in German translation, closes: #761601

sudo (1.8.10p3-1) unstable; urgency=low

  * new upstream release
  * add hardening=+all to match login and su
  * updated VCS URLs and crypto verified watch file, closes: #747473
  * harmonize configure options for LDAP version to match non-LDAP version,
    in particular stop using --with-secure-path and add configure_args
  * enable audit support on Linux systems, closes: #745779
  * follow upstream change from --with-timedir to --with-rundir

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Wed, 13 May 2015 15:43:49 -0400
** Changed in: sudo (Ubuntu)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9680
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1451274
Title:
sudo does not check fdqn properly
Status in sudo:
Fix Released
Status in sudo package in Ubuntu:
Fix Released
Status in sudo source package in Trusty:
Triaged
Status in sudo source package in Utopic:
Triaged
Status in sudo source package in Vivid:
Triaged
Bug description:
As noted in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731583,
from sudo 1.8.8 it does not correctly check fqdn for sudoers entries
that contain FQDN hostnames, or netgroups which contain FQDN entries
(which is fairly common, eg when using hostgroups with FreeIPA).
There is an upstream fix available (as noted on the Debian bug report)
which does resolve this problem. It does not appear to have been
applied to sudo as of 14.04.2 at least.
To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/1451274/+subscriptions