Package name
Advisory ID
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in sudo:

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows
local users or physically-proximate attackers to bypass intended time
restrictions and retain privileges without re-authenticating by setting
the system clock and sudo user timestamp to the epoch (CVE-2013-1775).

Sudo before 1.8.6p7 allows a malicious user to run commands via
sudo without authenticating, so long as there exists a terminal the
user has access to where a sudo command was successfully run by that
same user within the password timeout period (usually five minutes)

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 0a63960282d3502946d4f2a1f09992a9  mes5/i586/sudo-1.7.4p6-0.3mdvmes5.2.i586.rpm 
 30d4c634b9383cac4ab2dafdc68891ad  mes5/SRPMS/sudo-1.7.4p6-0.3mdvmes5.2.src.rpm

MES5 x86_64

 dd2b2eb33fd27b522216e664a5e95744  mes5/x86_64/sudo-1.7.4p6-0.3mdvmes5.2.x86_64.rpm 
 30d4c634b9383cac4ab2dafdc68891ad  mes5/SRPMS/sudo-1.7.4p6-0.3mdvmes5.2.src.rpm