SuSE 10 Security Update : sudo, sudo-debuginfo (ZYPP Patch Number 8134)
High Nessus Plugin ID 59288
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update fixes a security problem in sudo :
Multiple netmask values used in Host / Host_List configuration caused any host to be allowed access. (CVE-2012-2337)
Also a bug in wildcard matching could allow too relaxed matches within subdirectories of the specified path so /usr/bin/* would also match /usr/bin/X11/*, which is probably not intended. The behavior was aligned to the one described in the sudoers manpage
SolutionApply ZYPP patch number 8134.