Synopsis:          Moderate: sudo security update
Advisory ID:       SLSA-2014:0266-1
Issue Date:        2014-03-10
CVE Numbers:       CVE-2014-0106
--

A flaw was found in the way sudo handled its blacklist of environment
variables. When the "env_reset" option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to
run an arbitrary command with the target user's privileges.
(CVE-2014-0106)

Note: This issue does not affect the default configuration of the sudo
package as shipped with Scientific Linux 5.
--

SL5
  x86_64
    sudo-1.7.2p1-29.el5_10.x86_64.rpm
    sudo-debuginfo-1.7.2p1-29.el5_10.x86_64.rpm
  i386
    sudo-1.7.2p1-29.el5_10.i386.rpm
    sudo-debuginfo-1.7.2p1-29.el5_10.i386.rpm

- Scientific Linux Development Team
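
Added example, not part of the advisory or of the sudo package: a shell function that lists sudoers Defaults entries that disable env_reset, the non-default setting under which the advisory says the flaw is reachable. The function name find_env_reset_disabled is hypothetical and the sample sudoers content is constructed.

```shell
#!/bin/sh
# find_env_reset_disabled FILE...
# Prints "file:line: entry" for every Defaults entry that contains !env_reset.
# Exit status: 0 if at least one such entry was found, 1 if none.
# Limits: included files (#include, #includedir) are not followed, so pass them
# explicitly; text after an inline "#" is not stripped, so a Defaults line that
# only mentions !env_reset in a trailing comment is also reported for review.
find_env_reset_disabled() {
    awk '
        # Start a new logical entry unless the previous line ended in a backslash.
        !cont { start = FNR; entry = "" }
        {
            line = $0
            cont = sub(/\\$/, "", line)   # trailing backslash: entry continues
            entry = entry line
            if (cont) next
        }
        # Whole-line comments are ignored.
        entry ~ /^[ \t]*#/ { next }
        # Covers Defaults, Defaults:user, Defaults@host, Defaults>runas, Defaults!cmnd.
        entry ~ /^[ \t]*Defaults([ \t:@>!]|$)/ &&
        entry ~ /![ \t]*env_reset([^A-Za-z0-9_]|$)/ {
            printf "%s:%d: %s\n", FILENAME, start, entry
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Demo on constructed sudoers content (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Defaults    requiretty
Defaults    env_reset
Defaults:alice  env_keep += "DISPLAY", \
                !env_reset
alice ALL = (root) /usr/bin/less /var/log/messages
EOF
find_env_reset_disabled "$sample" || echo "env_reset is not disabled in $sample"
rm -f "$sample"
```

On a real host, run it as root against /etc/sudoers and any files that file includes; a reported entry means the fixed package matters for that host.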