Synopsis: Moderate: sudo security update
Advisory ID: SLSA-2016:2872-1
Issue Date: 2016-12-06
CVE Numbers: CVE-2016-7032
* It was discovered that the sudo noexec restriction could have been
bypassed if application run via sudo executed system(), popen(), or
wordexp() C library functions with a user supplied argument. A local user
permitted to run such application via sudo with noexec restriction could
use these flaws to execute arbitrary commands with elevated privileges.
These issues were discovered by Florian Weimer (Red Hat).
– Scientific Linux Development Team