[sudo-workers] sudo 1.8.17b1 released

Todd C. Miller Todd.Miller at courtesan.com
Fri May 20 13:02:19 MDT 2016

The first beta release of sudo 1.8.17 is now available.  This is
primarily a bug fix release.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.17b1 and 1.8.16:

 * On AIX, if /etc/security/login.cfg has auth_type set to PAM_AUTH
   but pam_start(3) fails, fall back to AIX authentication.
   Bug #740.

 * Sudo now takes all sudoers sources into account when determining
   whether or not "sudo -l" or "sudo -b" should prompt for a password.
   In other words, if both file and ldap sudoers sources are in
   specified in /etc/nsswitch.conf, "sudo -v" will now require that
   all entries in both sources be have NOPASSWD (file) or !authenticate
   (ldap) in the entries.

 * Sudo now ignores SIGPIPE until the command is executed.  Previously,
   SIGPIPE was only ignored in a few select places.  Bug #739.

 * Fixed a bug introduced in sudo 1.8.14 where (non-syslog) log
   file entries were missing the newline when loglinelen is set to
   a non-positive number.  Bug #742.

 * Unix groups are now set before the plugin session intialization
   code is run.  This makes it possible to use dynamic groups with
   the Linux-PAM pam_group module.

 * Fixed a bug where a debugging statement could dereference a NULL
   pointer when looking up a group that doesn't exist.  Bug #743.

 * Sudo has been run through the Coverity code scanner.  A number of
   minor bugs have been fixed as a result.  None were security issues.

 * SELinux support, which was broken in 1.8.16, has been repaired.

 * Fixed a bug when logging I/O where all buffers might not get
   flushed at exit when reading from standard input.

More information about the sudo-workers mailing list