Security news

A potential bypass of the sudo runas security mechanisms has been discovered; When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

For more info, please consult the sudo website at https://www.sudo.ws/alerts/minus_1_uid.html