Package name
sudo
Date
2010-09-12
Advisory ID
MDVSA-2010:175
Affected versions
2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.1 i586, 2009.1 x86_64, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in sudo:

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does
not properly handle use of the -u option in conjunction with the -g
option, which allows local users to gain privileges via a command
line containing a -u root sequence (CVE-2010-2956).

The updated packages have been patched to correct this issue.
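
The issue only applies when a Runas group is configured, so a host's exposure depends on its sudoers rules. The following is an added example, not part of the original advisory: it flags sudoers rules whose Runas_Spec names a group, which helps prioritise patching. The sample sudoers text is constructed, the function names are illustrative, and files pulled in via #include or #includedir are assumed to be audited separately.

```python
import re

# Constructed sample sudoers content for illustration (not from the advisory).
SAMPLE_SUDOERS = r"""
# constructed sample
Defaults  env_reset
User_Alias ADMINS = carol, dave
root    ALL = (ALL) ALL
alice   ALL = (operator : wheel) /usr/bin/id
%staff  ALL = (: backup) NOPASSWD: /usr/bin/rsync, \
              (www) /usr/sbin/apachectl
bob     ALL = /bin/ls   # no Runas_Spec at all
"""

# A Runas_Spec is "(users)" or "(users : groups)"; text after ':' is the group list.
RUNAS_SPEC = re.compile(r"\(([^():]*)(?::([^()]*))?\)")
# Defaults and alias definitions are not user rules and are skipped.
SKIP = re.compile(r"^(Defaults|\w+_Alias)\b")

def logical_lines(text):
    """Yield rules with comments removed and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        # '#' starts a comment unless followed by a digit (the "#uid" form).
        line = re.sub(r"#(?!\d).*", "", raw).rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        full = (pending + line).strip()
        pending = ""
        if full:
            yield full

def find_runas_groups(text):
    """Return (who, runas_groups) for every rule that names a Runas group."""
    hits = []
    for rule in logical_lines(text):
        if SKIP.match(rule) or "=" not in rule:
            continue
        who, _, rhs = rule.partition("=")
        for m in RUNAS_SPEC.finditer(rhs):
            groups = (m.group(2) or "").strip()
            if groups:
                hits.append(((who.split() or ["?"])[0], groups))
    return hits

if __name__ == "__main__":
    for who, groups in find_runas_groups(SAMPLE_SUDOERS):
        print(f"{who}: Runas group(s) configured -> {groups}")
```

The updated packages in this advisory keep upstream version numbers inside the affected range (1.7.0 and 1.7.2), so confirm the fix by the installed package release rather than by the sudo version string alone.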

Updated packages

2010.0 x86_64

 e9771004f22b2fc377cf51694ddd5f30  2010.0/x86_64/sudo-1.7.2-0.p1.1.4mdv2010.0.x86_64.rpm 
 cca6c09641101ea4f1fae32ec74c849f  2010.0/SRPMS/sudo-1.7.2-0.p1.1.4mdv2010.0.src.rpm

2010.1 i586

 017af99d278ee67258ed8200ceb51f41  2010.1/i586/sudo-1.7.2-0.p7.1.1mdv2010.1.i586.rpm 
 05c18dedeb4a8e913c0c1566c459a55c  2010.1/SRPMS/sudo-1.7.2-0.p7.1.1mdv2010.1.src.rpm

2010.0 i586

 fadb28a5027cdae180c287cdc44ce9f7  2010.0/i586/sudo-1.7.2-0.p1.1.4mdv2010.0.i586.rpm 
 cca6c09641101ea4f1fae32ec74c849f  2010.0/SRPMS/sudo-1.7.2-0.p1.1.4mdv2010.0.src.rpm

2009.1 i586

 6e4430f6b046f94ff2c173643f523e0a  2009.1/i586/sudo-1.7.0-1.6mdv2009.1.i586.rpm 
 04e5f930cc56b1fdb103dde1db5ebabe  2009.1/SRPMS/sudo-1.7.0-1.6mdv2009.1.src.rpm

2009.1 x86_64

 2ce7c0c655973c03d8b8061db466ca71  2009.1/x86_64/sudo-1.7.0-1.6mdv2009.1.x86_64.rpm 
 04e5f930cc56b1fdb103dde1db5ebabe  2009.1/SRPMS/sudo-1.7.0-1.6mdv2009.1.src.rpm

2010.1 x86_64

 c1f8826bd6df14e9daf932c106e46f40  2010.1/x86_64/sudo-1.7.2-0.p7.1.1mdv2010.1.x86_64.rpm 
 05c18dedeb4a8e913c0c1566c459a55c  2010.1/SRPMS/sudo-1.7.2-0.p7.1.1mdv2010.1.src.rpm

References