Joined: 12 May 2004
|Posted: Wed Jun 17, 2015 8:26 pm Post subject: [ GLSA 201504-02 ] sudo
|Gentoo Linux Security Advisory
Title: sudo: Information disclosure (GLSA 201504-02)
Date: April 11, 2015
A vulnerability in sudo could allow a local attacker to read
arbitrary files or bypass security restrictions.
sudo allows a system administrator to give users the ability to run
commands as other users. Access to commands may also be granted on a
range to hosts.
Vulnerable: < 1.8.12
Unaffected: >= 1.8.12
Architectures: All supported architectures
sudo does not handle the TZ environment variable properly.
A local attacker may be able to read arbitrary files or information from
device special files.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.12"