sudo (SL6, SL7) | Scientific Linux

Synopsis: Moderate: sudo security update
Advisory ID: SLSA-2016:2872-1
Issue Date: 2016-12-06
CVE Numbers: CVE-2016-7032
CVE-2016-7076
—

Security Fix(es):

* It was discovered that the sudo noexec restriction could have been
bypassed if application run via sudo executed system(), popen(), or
wordexp() C library functions with a user supplied argument. A local user
permitted to run such application via sudo with noexec restriction could
use these flaws to execute arbitrary commands with elevated privileges.
(CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).
—

SL6
x86_64
sudo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm
i386
sudo-1.8.6p3-25.el6_8.i686.rpm
sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
sudo-devel-1.8.6p3-25.el6_8.i686.rpm
SL7
x86_64
sudo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
sudo-devel-1.8.6p7-21.el7_3.i686.rpm
sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

– Scientific Linux Development Team

SL Security Errata