Synopsis: Important: sudo security update Issue date: 2010-09-07 CVE Names: CVE-2010-2956 A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) SL 5.x SRPMS: sudo-1.7.2p1-8.el5_5.src.rpm i386: sudo-1.7.2p1-8.el5_5.i386.rpm x86_64: sudo-1.7.2p1-8.el5_5.x86_64.rpm -Connie Sieh -Troy Dawson