Synopsis: Moderate: sudo security update
Advisory ID: SLSA-2014:0266-1
Issue Date: 2014-03-10
CVE Numbers: CVE-2014-0106
—
A flaw was found in the way sudo handled its blacklist of environment
variables. When the “env_reset” option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to
run an arbitrary command with the target user’s privileges.
(CVE-2014-0106)
Note: This issue does not affect the default configuration of the sudo
package as shipped with Scientific Linux 5.
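
A configuration check for the condition the advisory names, as an added example (not part of the original advisory or of the sudo package): the function lists sudoers `Defaults` entries that disable `env_reset`. The function name and the sample sudoers content are constructed for illustration, and the comment handling is a simplification of full sudoers parsing.

```shell
#!/bin/sh
# find_env_reset_disabled FILE...
# Prints "file:line: entry" for every Defaults entry that negates env_reset.
# Returns 0 if at least one such entry was found, 1 otherwise.
find_env_reset_disabled() {
    awk '
        FNR == 1 { buf = ""; start = 0 }
        {
            line = $0
            if (buf == "") start = FNR
            # Join backslash-continued lines into one logical entry.
            if (line ~ /\\$/) { sub(/\\$/, "", line); buf = buf line; next }
            entry = buf line; buf = ""
            # Simplification: treat everything after "#" as a comment.
            sub(/#.*/, "", entry)
            # Keep only Defaults entries, including the scoped forms
            # Defaults@host, Defaults:user, Defaults>runas, Defaults!cmnd.
            if (entry !~ /^[ \t]*Defaults([@:>!][^ \t]+)?[ \t]/) next
            # Negated boolean flag: "!env_reset" as a whole token.
            if (entry ~ /(^|[ \t,])!env_reset([ \t,]|$)/) {
                printf "%s:%d: %s\n", FILENAME, start, entry
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample sudoers content (not taken from the advisory).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
# Defaults !env_reset
Defaults:alice env_keep += "LANG", \
    !env_reset
alice ALL = (root) /usr/bin/less
EOF
find_env_reset_disabled "$sample" || echo "env_reset is not disabled"
rm -f "$sample"
```

On a real host, run the function as root against `/etc/sudoers` and any files it includes; any hit means the non-default configuration the advisory describes is in use.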
—
SL5
  x86_64
    sudo-1.7.2p1-29.el5_10.x86_64.rpm
    sudo-debuginfo-1.7.2p1-29.el5_10.x86_64.rpm
  i386
    sudo-1.7.2p1-29.el5_10.i386.rpm
    sudo-debuginfo-1.7.2p1-29.el5_10.i386.rpm
– Scientific Linux Development Team