sudo-1.9.5p2-10.el9_3
エラータID: AXSA:2024-7526:02
Release date:
Friday, February 16, 2024 - 16:00
Subject:
sudo-1.9.5p2-10.el9_3
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Bug Fix(es) and Enhancement(s):
CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay
output
CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
CVE(s):
CVE-2023-28486
CVE-2023-28487
CVE-2023-42465
Solution:
Update packages.
CVEs:
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Additional Info:
N/A
Download:
SRPMS
- sudo-1.9.5p2-10.el9_3.src.rpm
MD5: 5fc5661d01961f86c720235ae1537367
SHA-256: a2e16ef3ff98a2dbb7574c9a0f10e62e211eca42463aa0434e7870f4a7bc6baa
Size: 3.88 MB
Asianux Server 9 for x86_64
- sudo-1.9.5p2-10.el9_3.x86_64.rpm
MD5: 067816e96b509e33f713db8b16449f60
SHA-256: 42d51177ee99561d2ba4db4f324765c40081d8ea9c8538c4713d709096b1257c
Size: 1.04 MB - sudo-python-plugin-1.9.5p2-10.el9_3.x86_64.rpm
MD5: d6b280cf476aee47ea0cc6fe3793e13c
SHA-256: 127a2f60b3ab4a64e897c23031471243318091be5bdeea70fd4a54257f652641
Size: 51.95 kB
日本語