Posted at LWN.net: The setuid application sudo(8) allows a user to execute commands under
the privileges of another user (including root).
sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow
in it's logging code, which could lead to local root compromise.
There is no exploit known to be public.
A useful workaround isn't possible, the only fix is to install the new