diff --git a/sudo.spec b/sudo.spec
index 446b638..ddea7fd 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.9.5p2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: ISC
 URL: https://www.sudo.ws
 Source0: %{url}/dist/%{name}-%{version}.tar.gz
@@ -230,6 +230,10 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
 
 %changelog
+* Mon Feb 08 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.9.5p2-2
+- remove /usr/local/* from secure_path
+Resolves: rhbz#1908923
+
 * Tue Jan 26 2021 Matthew Miller <mattdm@fedoraproject.org> - 1.9.5p2-1
 - rebase to 1.9.5p2
 Resolves: rhbz#1920611
diff --git a/sudoers b/sudoers
index 5f621a8..91a80d4 100644
--- a/sudoers
+++ b/sudoers
@@ -85,7 +85,7 @@ Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY
 #
 # Defaults   env_keep += "HOME"
 
-Defaults    secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
+Defaults    secure_path = /usr/sbin:/usr/bin:/sbin:/bin
 
 ## Next comes the main part: which users can run what software on 
 ## which machines (the sudoers file can be shared between multiple