3 matches found
SUSE-SU-2015:0985-1 Security update for sudo
This collective update for sudo provides fixes for the following issues: Security policy bypass when envreset is disabled. CVE-2014-0106, bnc866503 Regression in the previous update that causes a segmentation fault when running 'sudo -s'. bnc868444 Command 'who -m' prints no output when using...
DEBIAN-CVE-2014-0106
Sudo 1.6.9 before 1.8.5, when envreset is disabled, does not properly check environment variables for the envdelete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...
sudo: certain environment variables not sanitized when env_reset is disabled
Sudo 1.6.9 before 1.8.5, when envreset is disabled, does not properly check environment variables for the envdelete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...