Updated sudo packages fix security vulnerabilityPublication date: 10 Nov 2015
Affected Mageia releases : 5
An unauthorized privilege escalation was found in sudoedit in sudo before 1.8.15 when a user is granted with root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice (e.g. /home/*/*/file.txt), allowing a malicious user to replace the file.txt real file with a symbolic link to a different location (e.g. /etc/shadow), which results in unauthorized access (CVE-2015-5602). The sudo package has been updated to version 1.8.15, which fixes this issue, and also includes many other bug fixes and changes. See the upstream change log for details.