The sudo (superuser do) utility allows system administrators to givecertain users the ability to run commands as root.A privilege escalation flaw was found in the way sudo handled the sudoeditpseudo-command. If a local user were authorized by the sudoers file to usethis pseudo-command, they could possibly leverage this flaw to executearbitrary code with the privileges of the root user. (CVE-2010-0426)The sudo utility did not properly initialize supplementary groups when the"runas_default" option (in the sudoers file) was used. If a local userwere authorized by the sudoers file to perform their sudo commands underthe account specified with "runas_default", they would receive the rootuser's supplementary groups instead of those of the intended target user,giving them unintended privileges. (CVE-2010-0427)Users of sudo should upgrade to this updated package, which containsbackported patches to correct these issues.