In sudo, a program that provides limited superuser privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, a “sudo -u#-1” command bypasses an (ALL,!root) configuration.
See https://www.sudo.ws/alerts/minus_1_uid.html for further information.
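To find rules of the (ALL,!root) form described above, the following added example (not part of the advisory or of sudo) is a simplified Python audit that flags sudoers entries whose Runas list allows ALL while negating specific users. It assumes direct Runas lists only (Runas_Alias names are not expanded), and the function names and sample content are constructed for illustration.

```python
import re

# Runas part of a user specification: "= (users[:groups])"
RUNAS_RE = re.compile(r"=\s*\(([^):]*)(?::[^)]*)?\)")

# Constructed sample sudoers content (not taken from any real system).
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   myhost = (ALL, !root) /usr/bin/vi
bob     ALL=(www-data) /usr/bin/id
carol   ALL=(ALL, !root, \\
        !operator) NOPASSWD: /bin/ls
"""

def logical_lines(text):
    """Yield (first_line_number, joined_line), honouring backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def find_blacklist_runas(text):
    """Return (line, who, runas_users) for rules that allow ALL but negate some users."""
    hits = []
    for n, line in logical_lines(text):
        stripped = line.strip()
        # Skip blanks and comments; "#<digits>" is kept because it names a UID.
        if not stripped or re.match(r"#(?!\d)", stripped):
            continue
        first = stripped.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        for m in RUNAS_RE.finditer(stripped):
            users = [u.strip() for u in m.group(1).split(",") if u.strip()]
            if "ALL" in users and any(u.startswith("!") for u in users):
                hits.append((n, first, users))
    return hits

if __name__ == "__main__":
    for line_no, who, users in find_blacklist_runas(SAMPLE):
        print(f"line {line_no}: {who} has Runas blacklist {users}")
```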
For Debian 7 Wheezy, these problems have been fixed in version 1.8.5p2-1+nmu3+deb7u5.
We recommend that you upgrade your sudo packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/