June 18, 2010
"A flaw was found in the way sudo handled the presence of duplicated
environment variables. A local user authorized to run commands using
sudo could use this flaw to set additional values for the environment
variables set by sudo, which could result in those values being used by
the executed command instead of the values set by sudo. This could
possibly lead to certain intended restrictions being bypassed, such as
the secure_path setting."
It is recommended to apply the update ASAP through the RHEL-provided
RPMs. This particular RPM is available in the RHEL yum repositories.
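The duplicated-variable condition described in the quoted text can be shown with an added example (not code from this advisory or from sudo): when one name appears twice in an environment block, a first-match lookup and a last-match lookup return different values, so a value set by a privileged launcher is only authoritative if every other entry for that name is removed. The function names and the sample environment are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* If entry is "NAME=value" for this name, return a pointer to value, else NULL. */
static const char *value_if_name(const char *entry, const char *name) {
    size_t n = strlen(name);
    return (strncmp(entry, name, n) == 0 && entry[n] == '=') ? entry + n + 1 : NULL;
}

/* First-match lookup, the order a getenv()-style scan uses. */
const char *lookup_first(char *const envp[], const char *name) {
    for (size_t i = 0; envp[i]; i++) {
        const char *v = value_if_name(envp[i], name);
        if (v) return v;
    }
    return NULL;
}

/* Last-match lookup, as seen by a consumer that lets later entries override. */
const char *lookup_last(char *const envp[], const char *name) {
    const char *found = NULL;
    for (size_t i = 0; envp[i]; i++) {
        const char *v = value_if_name(envp[i], name);
        if (v) found = v;
    }
    return found;
}

/* Hypothetical hardened setter: drop every entry for name, then append one.
 * Caller guarantees envp has room for one more pointer. Returns entry count. */
size_t set_unique(char *envp[], const char *name, char *entry) {
    size_t out = 0;
    for (size_t i = 0; envp[i]; i++)
        if (!value_if_name(envp[i], name)) envp[out++] = envp[i];
    envp[out++] = entry;
    envp[out] = NULL;
    return out;
}

int main(void) {
    /* Constructed sample environment block with PATH present twice. */
    char *env[8] = { "PATH=/usr/sbin:/usr/bin", "HOME=/root", "PATH=/opt/example/bin", NULL };
    printf("before: first=%s last=%s\n", lookup_first(env, "PATH"), lookup_last(env, "PATH"));
    set_unique(env, "PATH", "PATH=/usr/sbin:/usr/bin");
    printf("after:  first=%s last=%s\n", lookup_first(env, "PATH"), lookup_last(env, "PATH"));
    return 0;
}
```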
This vulnerability should be treated as:
Priority 3: This vulnerability has not yet been exploited at the
Institute. The probability of exploitation is medium and there may be
discussion about the vulnerability in security circles.
Severity 2: This vulnerability poses high risk to an entire
group/school, possibly including resources available to another