CentOS Update for sudo CESA-2010:0122 centos5 i386

Solution
Please install the updated packages.
Insight
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.

A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426)

The sudo utility did not properly initialize supplementary groups when the "runas_default" option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with "runas_default", they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges. (CVE-2010-0427)

Users of sudo should upgrade to this updated package, which contains backported patches to correct these issues.
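Both flaws only matter when the sudoers file grants sudoedit or sets runas_default, so a quick triage is to look for those entries. The script below is an added example, not part of the advisory or the sudo project; the function names and the sample input are constructed, and it reads a single sudoers file on stdin without following #include directives.

```shell
#!/bin/sh
# Added example: flag sudoers entries matching the two exposure conditions
# in this advisory. Reads sudoers text on stdin, prints one finding per line.
sudoers_exposure() {
    awk '
    {
        # Join backslash-continued physical lines into one logical line.
        line = pending $0; pending = ""
        if (line ~ /\\$/) { sub(/\\$/, "", line); pending = line; next }
        # Strip comments; "#" followed by a digit is a uid (e.g. #0), keep it.
        sub(/#([^0-9].*)?$/, "", line)
        gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
        if (line == "") next
        if (line ~ /^Defaults/) {
            # CVE-2010-0427 condition: runas_default is set.
            if (line ~ /runas_default ?=/) print "runas_default: " line
        } else if (line ~ /(^|[ ,=!):])sudoedit([ ,]|$)/) {
            # CVE-2010-0426 condition: the sudoedit pseudo-command is granted.
            print "sudoedit: " line
        }
    }'
}

# Constructed sample input, not taken from any real host.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
Defaults:alice runas_default=backup
Cmnd_Alias EDITORS = /bin/vi, \
    sudoedit /etc/hosts
bob ALL=(#0) sudoedit /etc/motd  # edit motd
carol ALL=/usr/bin/less   # mentions sudoedit only in a comment
#Defaults runas_default=old
EOF
}

sample_sudoers | sudoers_exposure
```

On a real host, run it as `sudoers_exposure < /etc/sudoers` with root privileges; an empty result means neither condition appears in that file, but the package should still be updated.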
Affected
sudo on CentOS 5