[Oraclevm-errata] OVMSA-2015-0103 Oracle VM 3.3 sudo security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Jul 30 20:32:59 PDT 2015 

Oracle VM Security Advisory OVMSA-2015-0103

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
sudo-1.8.6p3-19.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/sudo-1.8.6p3-19.el6.src.rpm



Description of changes:

[1.8.6p3-19]
- RHEL-6.7 erratum
   - modified the authlogicfix patch to fix #1144448
   - fixed a bug in the ldapusermatchfix patch
   Resolves: rhbz#1144448
   Resolves: rhbz#1142122

[1.8.6p3-18]
- RHEL-6.7 erratum
   - fixed the mantypos-ldap.patch
   Resolves: rhbz#1138267

[1.8.6p3-17]
- RHEL-6.7 erratum
   - added patch for CVE-2014-9680
   - added BuildRequires for tzdata
   Resolves: rhbz#1200253

[1.8.6p3-16]
- RHEL-6.7 erratum
   - added zlib-devel build required to enable zlib compression support
   - fixed two typos in the sudoers.ldap man page
   - fixed a hang when duplicate nss entries are specified in nsswitch.conf
   - SSSD: implemented sorting of the result entries according to the
           sudoOrder attribute
   - LDAP: fixed logic handling the computation of the "user matched" flag
   - fixed restoring of the SIGPIPE signal in the tgetpass function
   - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD
   Resolves: rhbz#1106433
   Resolves: rhbz#1138267
   Resolves: rhbz#1147498
   Resolves: rhbz#1138581
   Resolves: rhbz#1142122
   Resolves: rhbz#1094548
   Resolves: rhbz#1144448

[1.8.6p3-15]
- RHEL-6.6 erratum
   - SSSD: dropped the ipahostnameshort patch, as it is not
     needed. rhbz#1033703 is a configuration issue.
   Related: rhbz#1033703

[1.8.6p3-14]
- RHEL-6.6 erratum
   - SSSD: fixed netgroup filter patch
   - SSSD: dropped serparate patch for #1006463, the fix is now part
     of the netgroup filter patch
   Resolves: rhbz#1006463
   Resolves: rhbz#1083064

[1.8.6p3-13]
- RHEL-6.6 erratum
   - don't retry authentication when ctrl-c pressed
   - fix double-quote processing in Defaults options
   - fix sesh login shell argv[0]
   - handle the "(none)" hostname correctly
   - SSSD: fix ipa_hostname handling
   - SSSD: fix sudoUser netgroup specification filtering
   - SSSD: list correct user when -U <user> -l specified
   - SSSD: show rule names on long listing (-ll)
   Resolves: rhbz#1065415
   Resolves: rhbz#1078338
   Resolves: rhbz#1052940
   Resolves: rhbz#1083064
   Resolves: rhbz#1033703
   Resolves: rhbz#1006447
   Resolves: rhbz#1006463
   Resolves: rhbz#1070952

More information about the Oraclevm-errata mailing list