CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Mitigation /etc/sudoers within the container should use the securepath option to prevent the PATH environment variable...

sudo security update

1.8.6p3-29.0.1.el610.3 - Fixes OraBug: 28747380 sudo does not honor envkeep-='KRB5CCNAME' after 'sudo -k' [email protected] 1.8.6p3-29.3 - RHEL-6.10.z ERRATUM - fixed CVE-2019-18634 Resolves: rhbz1799018 1.8.6p3-29.2 - RHEL-6.10.z ERRATUM - fixed CVE-2019-14287 Resolves: rhbz1760684...

sudo security update

1.8.6p3-29.0.1.el610.2 - Fixes OraBug: 28747380 sudo does not honor envkeep-='KRB5CCNAME' after 'sudo -k' [email protected] 1.8.6p3-29.2 - RHEL-6.10.z ERRATUM - fixed CVE-2019-14287 Resolves: rhbz1760684...

Scientific Linux Security Update : sudo on SL7.x x86_64 (20161103)

Security Fixes : - It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from...

Fedora 12 : sudo-1.7.4p4-2.fc12 (2010-14996)

reset $HOME when the -i' option is used - update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD - ISC - added envkeep += HOME see rhbz614025 for backwards compatibility - added...

Fedora 13 : sudo-1.7.4p4-1.fc13 (2010-14355)

update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD - ISC - added envkeep += HOME see rhbz614025 for backwards compatibility - added Defaults !visiblepw - fixes CVE-2010-2956...