4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
Note: With this update, INPUTRC was removed from the env_keep list in /etc/sudoers to avoid having sudo preserve the value of this variable when invoking privileged commands.
Red Hat would like to thank Grisha Levit for reporting this issue.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | i686 | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.i686.rpm |
RedHat | 7 | s390 | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.s390.rpm |
RedHat | 7 | aarch64 | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.aarch64.rpm |
RedHat | 7 | ppc | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.ppc.rpm |
RedHat | 7 | aarch64 | sudo-debuginfo | < 1.8.6p7-20.el7 | sudo-debuginfo-1.8.6p7-20.el7.aarch64.rpm |
RedHat | 7 | x86_64 | sudo | < 1.8.6p7-20.el7 | sudo-1.8.6p7-20.el7.x86_64.rpm |
RedHat | 7 | ppc64le | sudo-devel | < 1.8.6p7-20.el7 | sudo-devel-1.8.6p7-20.el7.ppc64le.rpm |
RedHat | 7 | s390x | sudo-debuginfo | < 1.8.6p7-20.el7 | sudo-debuginfo-1.8.6p7-20.el7.s390x.rpm |
RedHat | 7 | ppc | sudo-debuginfo | < 1.8.6p7-20.el7 | sudo-debuginfo-1.8.6p7-20.el7.ppc.rpm |
RedHat | 7 | ppc64 | sudo | < 1.8.6p7-20.el7 | sudo-1.8.6p7-20.el7.ppc64.rpm |
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%