CentOS Errata and Security Advisory CESA-2016:2593
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
Note: With this update, INPUTRC was removed from the env_keep list in /etc/sudoers to avoid having sudo preserve the value of this variable when invoking privileged commands.
Red Hat would like to thank Grisha Levit for reporting this issue.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029792.html
Affected packages:
sudo
sudo-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2593
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | sudo | < 1.8.6p7-20.el7 | sudo-1.8.6p7-20.el7.x86_64.rpm |
CentOS | 7 | i686 | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.i686.rpm |
CentOS | 7 | x86_64 | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.x86_64.rpm |