Synopsis: Moderate: sudo security update
Advisory ID: SLSA-2014:0266-1
Issue Date: 2014-03-10
CVE Numbers: CVE-2014-0106
A flaw was found in the way sudo handled its blacklist of environment
variables. When the “env_reset” option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to
run an arbitrary command with the target user’s privileges.
Note: This issue does not affect the default configuration of the sudo
package as shipped with Scientific Linux 5.
– Scientific Linux Development Team
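
A check for the precondition the advisory names, "env_reset" being disabled, written as an added example that is not part of the original advisory or of sudo itself. The function name, output format and sample sudoers text are constructed here, and the scan is a text match over the files it is given, not a replacement for sudo's own parser.

```shell
#!/bin/sh
# Added example: list sudoers "Defaults" entries that turn env_reset off.

# Usage: find_env_reset_disabled FILE...
# Prints file:line: entry for each hit; returns 0 if any were found, 1 if none.
find_env_reset_disabled() {
    awk '
    # Join backslash-continued lines into one logical line.
    { line = pending $0; pending = "" }
    line ~ /\\$/ { sub(/\\$/, "", line); pending = line; next }
    {
        if (line ~ /^[ \t]*#/) next                  # whole-line comment
        # Trailing comment; "#" followed by digits is a uid (Defaults:#1000), keep it.
        sub(/[ \t]#([^0-9].*)?$/, "", line)
        # Global or scoped entry: Defaults, Defaults:user, Defaults@host,
        # Defaults>runas, Defaults!cmnd
        if (line !~ /^[ \t]*Defaults[ \t:@>!]/) next
        # Settings are comma-separated; a leading "!" negates a boolean flag.
        if (line ~ /(^|[ \t,])![ \t]*env_reset([ \t,]|$)/) {
            printf "%s:%d: %s\n", FILENAME, FNR, line
            found = 1
        }
    }
    END { exit !found }
    ' "$@"
}

# Constructed sample sudoers content (not taken from a real host).
constructed_sample() {
    cat <<'EOF'
# constructed sample for the env_reset check
Defaults env_reset            # was !env_reset before
Defaults:alice !env_reset
Defaults !requiretty, \
         !env_reset
Defaults:#1000 !env_reset
alice ALL=(root) /usr/bin/less
EOF
}

if [ "$#" -gt 0 ]; then
    find_env_reset_disabled "$@"
fi
```

On a real host, run it as root over the sudoers file and any files it includes; a hit means the configuration departs from the default that the advisory's note refers to.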