Advisories ยป MGASA-2016-0389

Updated sudo packages fix security vulnerability

Publication date: 17 Nov 2016
Modification date: 17 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7076

Description

It was discovered that the sudo noexec restriction could have been
bypassed if application run via sudo executed wordexp() C library function
with a user supplied argument. A local user permitted to run such
application via sudo with noexec restriction could possibly use this flaw
to execute arbitrary commands with elevated privileges (CVE-2016-7076).
                

References

SRPMS

5/core