sudo-1.9.5p2-7.el9.1
Errata ID: AXSA:2023-4872:03
The sudo packages contain the sudo utility which allows system administrators to
provide certain users with the permission to execute privileged commands, which
are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: arbitrary file write with privileges of the RunAs user
(CVE-2023-22809)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra
arguments passed in the user-provided environment variables (SUDO_EDITOR,
VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to
the list of files to process. This can lead to privilege escalation. Affected
versions are 1.8.0 through 1.9.12.p1. The problem exists because a
user-specified editor may contain a "--" argument that defeats a protection
mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
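The "--" problem described above, as an added example (not code from sudo or from this advisory): a simplified model that counts how many words of an editor value fall after its own "--", and a check that refuses such a value. The function names and the whitespace-only splitting are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): the editor value is split on spaces and
 * tabs only; quoting and escaping are ignored. */

/* Returns 1 if the editor value carries its own "--" word and should be refused. */
int editor_has_separator(const char *editor)
{
    char buf[256];
    if (strlen(editor) >= sizeof(buf))
        return 1;                       /* too long to inspect: refuse */
    strcpy(buf, editor);
    for (char *t = strtok(buf, " \t"); t != NULL; t = strtok(NULL, " \t"))
        if (strcmp(t, "--") == 0)
            return 1;
    return 0;
}

/* Counts the editor words that follow the first "--" in the value. A consumer
 * that treats everything after the first "--" as a file would add these to
 * the list of files to process. Returns -1 if the value is too long. */
int extra_entries_from_editor(const char *editor)
{
    char buf[256];
    int seen = 0, extra = 0;
    if (strlen(editor) >= sizeof(buf))
        return -1;
    strcpy(buf, editor);
    for (char *t = strtok(buf, " \t"); t != NULL; t = strtok(NULL, " \t")) {
        if (seen)
            extra++;
        else if (strcmp(t, "--") == 0)
            seen = 1;
    }
    return extra;
}

int main(void)
{
    /* Constructed sample values; the second is the example from the CVE text. */
    const char *samples[] = { "vim", "vim -- /path/to/extra/file", "vim --noplugin" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-30s refuse=%d extra=%d\n", samples[i],
               editor_has_separator(samples[i]),
               extra_entries_from_editor(samples[i]));
    return 0;
}
```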
Update packages.
N/A
SRPMS
- sudo-1.9.5p2-7.el9.1.src.rpm
MD5: 895053b943777285ffd7a157241dbc3c
SHA-256: f351eaa47b1c1ba984d4e7edaedb01a9f81ae252501d26ed9e17460b59549298
Size: 3.86 MB
Asianux Server 9 for x86_64
- sudo-1.9.5p2-7.el9.1.x86_64.rpm
MD5: ba4b99fe4ee6b029a94808e8a0023cee
SHA-256: cdfff52255d9d7c08908d801212f81f5bc0ce7c785484d026528b786ce8bd685
Size: 1.02 MB
- sudo-python-plugin-1.9.5p2-7.el9.1.x86_64.rpm
MD5: 091118695d8a9f16811560521cb3df47
SHA-256: 847bb576f35acb19fcef7e80c5fb74700fed84f5ec79fff25e6e76fb7f7ee952
Size: 53.40 kB