Описание
ELSA-2014-0266: sudo security update (MODERATE)
[1.7.2p1-29]
- added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled Resolves: rhbz#1072210
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
sudo
1.7.2p1-29.el5_10
Oracle Linux x86_64
sudo
1.7.2p1-29.el5_10
Oracle Linux i386
sudo
1.7.2p1-29.el5_10
Связанные CVE
Связанные уязвимости
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.