It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the โALLโ alias. This could allow sudo to impersonate non-existent account and depending on how applications are configured, could lead to certain restriction bypass. This is now explicitly disabled. A new setting called โallow_unknown_runas_idโ was introduced in order to enable this.
This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root. Any other configuration of sudo is not affected by this flaw.