For completeness please find below the original advisory text:
It has been discovered that sudo, a privileged program, that
provides limited super user privileges to specific users, passes
several environment variables to the program that runs with
elevated privileges. In the case of include paths (e.g. for Perl,
Python, Ruby or other scripting languages) this can cause arbitrary
code to be executed as privileged user if the attacker points to a
manipulated version of a system library.
This update alters the former behaviour of sudo and limits the
number of supported environment variables to LC_*, LANG, LANGUAGE
and TERM. Additional variables are only passed through when set as
env_check in /etc/sudoers, which might be required for some scripts
to continue to work.
For the old stable distribution (woody) this problem has been fixed in
version 1.6.6-1.6.
For the stable distribution (sarge) this problem has been fixed in
version 1.6.8p7-1.4.
...
Get the latest Linux and open source security news straight to your inbox.