(RHSA-2010:0675) Important: sudo security update

ID RHSA-2010:0675
Type redhat
Reporter RedHat
Modified 2017-09-08T11:54:03


The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.

A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956)

Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue.

Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.