Solution
Please install the updated packages.
Insight
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.
A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426)
The sudo utility did not properly initialize supplementary groups when the "runas_default" option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with "runas_default", they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges. (CVE-2010-0427)
Users of sudo should upgrade to this updated package, which contains backported patches to correct these issues.
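To gauge exposure on a host that has not yet been updated, the sudoers policy can be checked for the two configurations named above: grants of the sudoedit pseudo-command and use of the runas_default option. The following Python script is an added example, not part of the original advisory or of sudo itself; the sample policy, the function names, and the simplified comment handling are assumptions.

```python
import re

# Constructed sample policy for illustration (not from a real host).
SAMPLE_SUDOERS = r"""
# sudoedit entries in comments are ignored
Defaults    runas_default=appsvc
Defaults:alice !requiretty
alice   ALL = sudoedit /etc/httpd/conf/httpd.conf
bob     ALL = (root) /sbin/service, \
              sudoedit /etc/motd
carol   ALL = /usr/bin/less /var/log/messages
#includedir /etc/sudoers.d
"""

# Simplification: '#' starts a comment unless it begins #include/#includedir or a numeric id (#0).
COMMENT_RE = re.compile(r"#(?!\d|include).*")
RUNAS_RE = re.compile(r'\brunas_default\s*=\s*"?([^",\s]+)')
# Bare 'sudoedit' used as a command, not a path component such as /opt/bin/sudoedit-x.
SUDOEDIT_RE = re.compile(r"(?:^|[\s,:)])sudoedit(?=[\s,]|$)")

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined and comments removed."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        joined = COMMENT_RE.sub("", buf + line).strip()
        buf = ""
        if joined:
            yield start, joined

def audit_sudoers(text):
    """Return (line_no, kind, detail) for each runas_default setting and sudoedit grant."""
    findings = []
    for no, line in logical_lines(text):
        if line.startswith("Defaults"):
            m = RUNAS_RE.search(line)
            if m:
                findings.append((no, "runas_default", m.group(1)))
        elif "=" in line:
            who, spec = line.split("=", 1)
            if SUDOEDIT_RE.search(spec):
                findings.append((no, "sudoedit", who.split()[0]))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print("line %d: %s -> %s" % finding)
```

To audit a real host, pass the contents of /etc/sudoers and of each included file to `audit_sudoers`; any finding means the corresponding CVE is reachable until the updated package is installed.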
Affected
sudo on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-0426, CVE-2010-0427
CVSS Base Score: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C