A privilege escalation vulnerability was identified in Sudo package. A local attacker can exploit this vulnerability by providing an invalid user ID while requesting to run a command as root. This vulnerability could only be exploited if the configuration file of Sudo is written to allow a user to run a command as any user except root.
Please note that Red Hat Enterprise Linux 5 has reached the end of maintenance provided by Red Hat on 31 March 2017. Red Hat Enterprise Linux 5 will not receive the relevant patch. Users should upgrade to the latest version or arrange migrating to other supported technology.
Successful exploitation could lead to elevation of privilege on an affected system.
A patch for the vulnerability is available for some of the Linux distributions, such as Debian and Ubuntu. System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of the patch, and if so, apply the patch or follow the recommendations provided by the product vendors to mitigate the risk.
https://www.sudo.ws/alerts/minus_1_uid.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287