Slackware-13.0 ChangeLog (2014-03-06)
Thu Mar 6 04:14:23 UTC 2014
Packages
Upgraded
- patches/packages/sudo-1.7.10p8-i486-1_slack13.0.txz
This update fixes a security issue where if the env_reset option is disabled
in the sudoers file, a malicious user with sudo permissions may be able to
run arbitrary commands with elevated privileges by manipulating the
environment of a command the user is legitimately allowed to run.
For more information, see:
http://www.sudo.ws/sudo/alerts/env_add.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106
(* Security fix *)