Recommended update for sudo

SUSE Recommended Update: Recommended update for sudo
Announcement ID: SUSE-RU-2020:14370-1
Rating: important
References: #1015162 #1015351
Affected Products:
  • SUSE Linux Enterprise Server 11-SP4-LTSS
  • SUSE Linux Enterprise Point of Sale 11-SP3
  • SUSE Linux Enterprise Debuginfo 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP3

An update that has two recommended fixes can now be installed.

Description:

This update for sudo fixes the following issues:

  • Check if the monitor process became an orphan when receiving SIGHUP. (bsc#1015162) Terminate the child in that case.

  • sudo is not able to resolve sudo for users when using LDAP. (bsc#1015351) SSSD doesn't handle netgroups, we have to ensure they are correctly filtered in sudo. The rules may contain mixed sudoUser specification so we have to check not only for netgroup membership but also for user and group matches.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-sudo-14370=1
  • SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-sudo-14370=1
  • SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-sudo-14370=1
  • SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-sudo-14370=1

Package List:

  • SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
    • sudo-1.7.6p2-0.30.8.1
  • SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    • sudo-1.7.6p2-0.30.8.1
  • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    • sudo-debuginfo-1.7.6p2-0.30.8.1
    • sudo-debugsource-1.7.6p2-0.30.8.1
  • SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    • sudo-debuginfo-1.7.6p2-0.30.8.1
    • sudo-debugsource-1.7.6p2-0.30.8.1

References: