Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 10 Mar 2014 17:34:45 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: sudo on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: sudo security update Advisory ID: SLSA-2014:0266-1 Issue Date: 2014-03-10 CVE Numbers: CVE-2014-0106 -- A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an arbitrary command with the target user's privileges. (CVE-2014-0106) Note: This issue does not affect the default configuration of the sudo package as shipped with Scientific Linux 5. -- SL5 x86_64 sudo-1.7.2p1-29.el5_10.x86_64.rpm sudo-debuginfo-1.7.2p1-29.el5_10.x86_64.rpm i386 sudo-1.7.2p1-29.el5_10.i386.rpm sudo-debuginfo-1.7.2p1-29.el5_10.i386.rpm - Scientific Linux Development Team