A vulnerability in sudo could allow a local attacker to read arbitrary files or bypass security restrictions.
|Package||app-admin/sudo on all architectures|
|Affected versions||< 1.8.12|
|Unaffected versions||>= 1.8.12|
sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts.
sudo does not handle the TZ environment variable properly.
A local attacker may be able to read arbitrary files or information from device special files.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.12"
April 11, 2015
April 11, 2015: 1