[Oraclevm-errata] OVMSA-2016-0079 Oracle VM 3.2 sudo security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:10:39 PDT 2016

Oracle VM Security Advisory OVMSA-2016-0079

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- added patch for CVE-2014-0106: certain environment variables not
   sanitized when env_reset is disabled
   Resolves: rhbz#1072210

- backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 
   Resolves: rhbz#968221

- visudo: fixed incorrect warning and parse error regarding
   undefined aliases which were in fact defined
   Resolves: rhbz#849679
   Resolves: rhbz#905624

- updated sudoers man-page to clarify the behavior of the user
   negation operator and the behavior of wildcard matching in command
   Resolves: rhbz#846118
   Resolves: rhbz#856902

- fixed regression in escaping of sudo -i arguments
   Resolves: rhbz#853203

- bump release number

- Fixed caching of user and group names
- Backported RFC 4515 escaping of LDAP queries
   Resolves: rhbz#855836
   Resolves: rhbz#869287

- Add the -c option to sed commands in post/postun scripts
   Resolves: rhbz#818585

- Implement a new sudoers Defaults option to restore old command exec 
   Resolves: rhbz#840971

- Add ability to treat files authoritatively in sudoers.ldap
   Resolves: rhbz#840097

- Changed policycoreutils dependency to a context specific dependency
   (post & postun)
   Resolves: rhbz#846694

- don't use a temporary file when modifying nsswitch.conf
- fix permissions on nsswitch.conf, if needed
   Resolves: rhbz#846631

- added a workaround for a race condition in handling child processes
   Resolves: rhbz#829263

- use safe temporary files in post/postun scripts
- corrected postun script
   Resolves: rhbz#841070

- corrected release number

- call restorecon after modifying nsswitch.conf in the postun scriptlet
- added policycoreutils dependency
   Resolves: rhbz#818585

- fixed `sudo -i' command escaping (#806073)
- fixed multiple sudoHost LDAP attr. handling (#740884)
   Resolves: rhbz#740884
   Resolves: rhbz#806073
