sudo-1.9.5p2-1.el8_9
エラータID: AXSA:2024-7518:01
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Bug Fix(es) and Enhancement(s):
* CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
* CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
* CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages.
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Update packages.
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
N/A
SRPMS
- sudo-1.9.5p2-1.el8_9.src.rpm
MD5: 6c03af631fe90f77c1423a4a3cc2dfe2
SHA-256: 3ecf3416228da6d4663b6b3f8b4e4fc95507f7ae84f1700d59ca56910cfc8b19
Size: 3.90 MB
Asianux Server 8 for x86_64
- sudo-1.9.5p2-1.el8_9.x86_64.rpm
MD5: bde460f4df0cd59d1532364be0441979
SHA-256: a8079b4c7fd294a3441c6f0388e3e6bd1829e1dd4f3f852c1ec7976d8c7c7c5c
Size: 1.05 MB