Scientific Linux Security Update : sudo on SL7.x x86_64
Medium Nessus Plugin ID 95861
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es) :
- It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure.
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. (CVE-2016-7091)
Note: With this update, INPUTRC was removed from the env_keep list in /etc/sudoers to avoid having sudo preserve the value of this variable when invoking privileged commands.
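To confirm the change described in the note above, the following added example (not part of the advisory or of sudo) scans a sudoers-format file for `Defaults` lines that still list INPUTRC in `env_keep`. The function name `check_inputrc_kept` is hypothetical and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sudoers Defaults lines that still preserve INPUTRC
# through env_keep (the setting this update removes).

# check_inputrc_kept FILE   (hypothetical helper name)
# Prints each offending entry as FILE:LINE: text; returns 1 if any is found.
check_inputrc_kept() {
    awk '
    {
        cur = pending $0
        # sudoers allows long lines to be continued with a trailing backslash
        if (cur ~ /\\$/) { sub(/\\$/, " ", cur); pending = cur; next }
        pending = ""
        if (cur ~ /^[ \t]*#/) next                    # comment or #include line
        # "=" and "+=" add to the list; "-=" removes, so it is not matched
        if (cur ~ /^[ \t]*Defaults/ && cur ~ /env_keep[ \t]*[+]?=/) {
            vars = cur
            sub(/^.*env_keep[ \t]*[+]?=/, "", vars)   # keep only the value list
            gsub(/"/, " ", vars)
            n = split(vars, w, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                sub(/=.*/, "", w[i])                  # NAME=value form
                if (w[i] == "INPUTRC") {
                    print FILENAME ":" NR ": " cur
                    bad = 1
                    break
                }
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: one line that keeps INPUTRC, one that does not.
sample_dir=$(mktemp -d)
printf '%s\n' 'Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"' > "$sample_dir/before"
printf '%s\n' 'Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"' > "$sample_dir/after"
for f in "$sample_dir/before" "$sample_dir/after"; do
    if check_inputrc_kept "$f"; then
        echo "$f: INPUTRC is not preserved"
    else
        echo "$f: INPUTRC is still preserved"
    fi
done
```

On a real host, run the function as root against /etc/sudoers and any files it includes; a site-local `env_keep += "INPUTRC"` entry would reintroduce the behaviour even after the package update.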
Additional Changes :
Solution
Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.