Source: sudo
Version: 1.8.10p3-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for sudo.

CVE-2016-7076[0]:
noexec bypass via wordexp()

From the NEWS entry:

When sudo_noexec.so is used, the WRDE_NOCMD flag is now added if the wordexp() function is called. This prevents commands from being run via wordexp() without disabling it entirely.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7076
[1] https://www.sudo.ws/repos/sudo/rev/e7d09243e51b,
    https://www.sudo.ws/repos/sudo/rev/7b8357b0a358,
    https://www.sudo.ws/repos/sudo/rev/167a518d8129

Regards,
Salvatore
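
The effect of the flag named in the NEWS entry, as an added example that is not part of the original report and is not sudo's source: with WRDE_NOCMD set, wordexp() still performs ordinary word expansion but returns WRDE_CMDSUB for any command substitution. The wrapper name wordexp_nocmd(), the helper expand_count() and the sample strings are assumptions made for illustration.

```c
/* Added example: what forcing WRDE_NOCMD does to wordexp().
 * Illustration only; not taken from sudo_noexec.so. */
#include <stdio.h>
#include <wordexp.h>

/* Hypothetical wrapper: OR in WRDE_NOCMD on every call, which is the
 * behaviour the NEWS entry describes for wordexp() under noexec. */
int wordexp_nocmd(const char *words, wordexp_t *we, int flags)
{
    return wordexp(words, we, flags | WRDE_NOCMD);
}

/* Returns the number of words produced, or the negated wordexp() error
 * code (so -WRDE_CMDSUB means a command substitution was refused). */
int expand_count(const char *words)
{
    wordexp_t we;
    int rc = wordexp_nocmd(words, &we, 0);
    if (rc != 0)
        return -rc;
    int n = (int)we.we_wordc;
    wordfree(&we);
    return n;
}

int main(void)
{
    const char *samples[] = {   /* constructed inputs */
        "alpha beta",           /* plain field splitting: still allowed */
        "$(echo ran)",          /* command substitution: refused */
        "`echo ran`",           /* backtick form: refused */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = expand_count(samples[i]);
        if (r == -WRDE_CMDSUB)
            printf("%-14s -> refused (WRDE_CMDSUB)\n", samples[i]);
        else if (r < 0)
            printf("%-14s -> error %d\n", samples[i], -r);
        else
            printf("%-14s -> %d word(s)\n", samples[i], r);
    }
    return 0;
}
```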