| Revision Date: | 2010-09-07 | Version: | 639 |
| Title: | RHSA-2010:0675: sudo security update (Important) |
| Description: | The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.
A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956)
Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue.
Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2010-2956
RHSA-2010:0675
RHSA-2010:0675-01
RHSA-2010:0675-01
|
| Platform(s): | Red Hat Enterprise Linux 5
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 5 is installed
AND sudo is earlier than 0:1.7.2p1-8.el5_5
AND sudo is signed with Red Hat redhatrelease2 key
|