[Oraclevm-errata] OVMSA-2016-0079 Oracle VM 3.2 sudo security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jun 21 10:10:39 PDT 2016


Oracle VM Security Advisory OVMSA-2016-0079

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
sudo-1.7.2p1-29.el5_10.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/sudo-1.7.2p1-29.el5_10.src.rpm



Description of changes:

[1.7.2p1-29]
- added patch for CVE-2014-0106: certain environment variables not
   sanitized when env_reset is disabled
   Resolves: rhbz#1072210

[1.7.2p1-28]
- backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776
   CVE-2013-2777
   Resolves: rhbz#968221

[1.7.2p1-27]
- visudo: fixed incorrect warning and parse error regarding
   undefined aliases which were in fact defined
   Resolves: rhbz#849679
   Resolves: rhbz#905624

[1.7.2p1-26]
- updated sudoers man-page to clarify the behavior of the user
   negation operator and the behavior of wildcard matching in command
   specifications
   Resolves: rhbz#846118
   Resolves: rhbz#856902

[1.7.2p1-25]
- fixed regression in escaping of sudo -i arguments
   Resolves: rhbz#853203

[1.7.2p1-24]
- bump release number

[1.7.2p1-23]
- Fixed caching of user and group names
- Backported RFC 4515 escaping of LDAP queries
   Resolves: rhbz#855836
   Resolves: rhbz#869287

[1.7.2p1-22]
- Add the -c option to sed commands in post/postun scripts
   Resolves: rhbz#818585

[1.7.2p1-21]
- Implement a new sudoers Defaults option to restore old command exec
   behavior
   Resolves: rhbz#840971

[1.7.2p1-20]
- Add ability to treat files authoritatively in sudoers.ldap
   Resolves: rhbz#840097

[1.7.2p1-19]
- Changed policycoreutils dependency to a context specific dependency
   (post & postun)
   Resolves: rhbz#846694

[1.7.2p1-18]
- don't use a temporary file when modifying nsswitch.conf
- fix permissions on nsswitch.conf, if needed
   Resolves: rhbz#846631

[1.7.2p1-17]
- added a workaround for a race condition in handling child processes
   Resolves: rhbz#829263

[1.7.2p1-16]
- use safe temporary files in post/postun scripts
- corrected postun script
   Resolves: rhbz#841070

[1.7.2p1-15]
- corrected release number

[1.7.2p1-14.2]
- call restorecon after modifying nsswitch.conf in the postun scriptlet
- added policycoreutils dependency
   Resolves: rhbz#818585

[1.7.2p1-14.1]
- fixed `sudo -i' command escaping (#806073)
- fixed multiple sudoHost LDAP attr. handling (#740884)
   Resolves: rhbz#740884
   Resolves: rhbz#806073



