Package sudo: Information

    Source package: sudo
    Version: 1.9.16p2-alt3
    Build time:  Jul 2, 2025, 04:50 PM in the task #388682
    Category: System/Base
    Report package bug
    Gear: https://git.altlinux.org/gears/s/sudo.git?a=tree;hb=2c57d5bb9fbe…
    Home page: https://www.sudo.ws
    License: ISC
    Summary: Allows command execution as another user
    Description: 
    Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity.  The basic philosophy is
to give as few privileges as possible but still allow people to get
their work done.
    List of RPM packages built from this SRPM:
    sudo (x86_64, i586, armh, aarch64)
    sudo-debuginfo (x86_64, i586, armh, aarch64)
    sudo-devel (noarch)
    sudo-logsrvd (x86_64, i586, armh, aarch64)
    sudo-logsrvd-debuginfo (x86_64, i586, armh, aarch64)
    sudo-python (x86_64, i586, armh, aarch64)
    sudo-python-debuginfo (x86_64, i586, armh, aarch64)
    Maintainer: Evgeny Sinelnikov
    List of contributors:
    Evgeny Sinelnikov
    Ivan A. Melnikov
    Nikolai Kostrigin
    Vitaly Kuznetsov
    Dmitry V. Levin
    qa-robot
      1. flex
      2. /usr/bin/nroff
      3. libaudit-devel
      4. libcap-devel
      5. libpam-devel
      6. libselinux-devel
      7. python3-dev
      8. perl-podlators

    Last changed

    July 1, 2025 Evgeny Sinelnikov 1:1.9.16p2-alt3
    - Security release (fixes: CVE-2025-32462, CVE-2025-32463) (closes: 55007):
 + Sudo's -h (--host) option could be specified when running a command or
   editing a file. This could enable a local privilege escalation attack if the
   sudoers file allows the user to run commands on a different host.
   For more information, see Local Privilege Escalation via host option:
   https://www.sudo.ws/security/advisories/host_any/
 + An attacker can leverage sudo's -R (--chroot) option to run arbitrary
   commands as root, even if they are not listed in the sudoers file. The chroot
   support has been deprecated an will be removed entirely in a future release.
   For more information, see Local Privilege Escalation via chroot option:
   https://www.sudo.ws/security/advisories/chroot_bug/
    April 15, 2025 Evgeny Sinelnikov 1:1.9.16p2-alt2
    - Fixed segmentation fault in pty_cleanup() under low memory
  conditions (closes: 53841).
    Dec. 27, 2024 Evgeny Sinelnikov 1:1.9.16p2-alt1
    - Update to latest stable bugfix release:
 + Sudo now passes the terminal device number to the policy plugin even if it
   cannot resolve it to a path name (GitHub#421).
 + On Linux systems, sudo will now attempt to use the symbolic links in
   /proc/self/fd/{0,1,2} when resolving the terminal device number.
 + Fixed the date used by the exit record in sudo-format log files.
   This was a regression introduced in sudo 1.9.16 and only affected
   file-based logs, not syslog (GitHub#405).
 + When a duplicate alias is found in the sudoers file, the warning message now
   includes the file and line number of the previous definition.
 + Sudo no longer sends mail when a user runs "sudo -nv" or "sudo -nl", even
   if "mail_badpass" or "mail_always" are set.
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v25.10.0
    Back to top