Synopsis: Moderate: sudo security update
Issue date: 2010-06-15
CVE Names: CVE-2010-1646
A flaw was found in the way sudo handled the presence of duplicated
environment variables. A local user authorized to run commands using
sudo could use this flaw to set additional values for the environment
variables set by sudo, which could result in those values being used by
the executed command instead of the values set by sudo. This could
possibly lead to certain intended restrictions being bypassed, such as
the secure_path setting. (CVE-2010-1646)
SL 5.x
SRPMS:
sudo-1.7.2p1-7.el5_5.src.rpm
i386:
sudo-1.7.2p1-7.el5_5.i386.rpm
x86_64:
sudo-1.7.2p1-7.el5_5.x86_64.rpm
-Connie Sieh
-Troy Dawson