Hi, Sudo doesn't clean LANG / LC_xxx environment. So users can use something like LANG=../../../tmp and if they can run a program with higher privileges --> possible to exploit. To fix this sudo should clean LANG / LC_xxx if they contain '/' (like the new userhelper does). -Jarno PS. Users can exploit this only if they can run the programs with sudo and the program has i18n support.
*** Bug 18825 has been marked as a duplicate of this bug. ***
Done in 1.6.3p5-2
Hm, am I wrong or would this justify a security errata update instead of just rawhide? Changing severity to "security".