Important: sudo

2017-06-06T22:51:00
ID ALAS-2017-843
Type amazon
Reporter Amazon
Modified 2017-06-06T22:51:00

Description

Issue Overview:

A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367 __)

Affected Packages:

sudo

Issue Correction:
Run yum update sudo to update your system.

New Packages:

i686:  
    sudo-devel-1.8.6p3-28.25.amzn1.i686  
    sudo-1.8.6p3-28.25.amzn1.i686  
    sudo-debuginfo-1.8.6p3-28.25.amzn1.i686

src:  
    sudo-1.8.6p3-28.25.amzn1.src

x86_64:  
    sudo-1.8.6p3-28.25.amzn1.x86_64  
    sudo-devel-1.8.6p3-28.25.amzn1.x86_64  
    sudo-debuginfo-1.8.6p3-28.25.amzn1.x86_64