Synopsis: Moderate: sudo security update Advisory ID: SLSA-2014:0266-1 Issue Date: 2014-03-10 CVE Numbers: CVE-2014-0106 -- A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an arbitrary command with the target user's privileges. (CVE-2014-0106) Note: This issue does not affect the default configuration of the sudo package as shipped with Scientific Linux 5. -- SL5 x86_64 sudo-1.7.2p1-29.el5_10.x86_64.rpm sudo-debuginfo-1.7.2p1-29.el5_10.x86_64.rpm i386 sudo-1.7.2p1-29.el5_10.i386.rpm sudo-debuginfo-1.7.2p1-29.el5_10.i386.rpm - Scientific Linux Development Team