Synopsis: Moderate: sudo security update Issue date: 2010-04-20 CVE Names: CVE-2010-1163 In configurations where the ignore_dot option was set to off (the default is on for the Scientific Linux 5 sudo package), a local user authorized to use the sudoedit pseudo-command could possibly run arbitrary commands with the privileges of the users sudoedit was authorized to run as. (CVE-2010-1163) SL 5.x SRPMS: sudo-1.7.2p1-6.el5_5.src.rpm i386: sudo-1.7.2p1-6.el5_5.i386.rpm x86_64: sudo-1.7.2p1-6.el5_5.x86_64.rpm -Connie Sieh -Troy Dawson