Synopsis:          Moderate: sudo security update
Advisory ID:       SLSA-2016:2872-1
Issue Date:        2016-12-06
CVE Numbers:       CVE-2016-7032
                   CVE-2016-7076
--

Security Fix(es):

* It was discovered that the sudo noexec restriction could have been
bypassed if application run via sudo executed system(), popen(), or
wordexp() C library functions with a user supplied argument. A local user
permitted to run such application via sudo with noexec restriction could
use these flaws to execute arbitrary commands with elevated privileges.
(CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).
--

SL6
  x86_64
    sudo-1.8.6p3-25.el6_8.x86_64.rpm
    sudo-debuginfo-1.8.6p3-25.el6_8.x86_64.rpm
    sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
    sudo-devel-1.8.6p3-25.el6_8.i686.rpm
    sudo-devel-1.8.6p3-25.el6_8.x86_64.rpm
  i386
    sudo-1.8.6p3-25.el6_8.i686.rpm
    sudo-debuginfo-1.8.6p3-25.el6_8.i686.rpm
    sudo-devel-1.8.6p3-25.el6_8.i686.rpm
SL7
  x86_64
    sudo-1.8.6p7-21.el7_3.x86_64.rpm
    sudo-debuginfo-1.8.6p7-21.el7_3.x86_64.rpm
    sudo-debuginfo-1.8.6p7-21.el7_3.i686.rpm
    sudo-devel-1.8.6p7-21.el7_3.i686.rpm
    sudo-devel-1.8.6p7-21.el7_3.x86_64.rpm

- Scientific Linux Development Team