Security update for sudo
This update for sudo fixes the following issues:
- fix two security vulnerabilities that allowed users to bypass
sudo's NOEXEC functionality:
* noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]
* noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]
Sudo was updated to the package from SUSE:SLE-12-SP2:Update, incorporating
the following new feature:
- allow dynamic groups with sudo [fate#318850]
The following bug fixes are included:
- parse /proc/stat for boottime correctly [boo#899252]
- enable SASL authentication [boo#979531]
- Submitted by Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#899252
sudo: "ignoring time stamp from the future" message after each boot with !tty_tickets
bnc#1007766
VUL-0: CVE-2016-7032: sudo: noexec bypass via system() and popen()
bnc#1007501
VUL-0: CVE-2016-7076: sudo: noexec bypass via wordexp()
bnc#979531
sudo: use_sasl does not work