[Bug 1607666] Re: sudo fails with host netgroup returned from freeipa

[Steve Beattie]

As part of https://www.ubuntu.com/usn/usn-3304-1/ , the sudo in yakkety-
proposed has been superceded by sudo 1.8.16-0ubuntu3.2 in yakkety-
security. Please upload a new version to yakkety-proposed that
incorporates the security fix from the update.

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1607666

Title:
  sudo fails with host netgroup returned from freeipa

Status in sudo package in Ubuntu:
  Fix Released
Status in sudo source package in Xenial:
  Fix Released
Status in sudo source package in Yakkety:
  Fix Committed

Bug description:
  [Impact]
  Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details.

  This was fixed in sudo 1.8.17
  (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which
  I'd very much like to see backported to Ubuntu 16.04. If possible,
  updating sudo completely to 1.8.17 would be nice, since there have
  been quite a few improvements with regards to sss and freeipa and it
  would be a shame if we could not benefit from them given that 16.04 is
  LTS.

  [Test case]
  install the update, test that sudo works on a freeipa installation that uses netgroups

  [Regression potential]
  <tjaalton> I looked at upstream commits to sssd.c, and there were no commits that touch this area, so chance of regressions should be slim

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666/+subscriptions