Advisories » MGAA-2024-0044

Updated sudo packages fix a security vulnerability

Publication date: 04 Feb 2024
Modification date: 04 Feb 2024
Type: bugfix
Affected Mageia releases : 9
CVE: CVE-2023-42465

Description

The updated packages fix a security vulnerability:
Sudo before 1.9.15 might allow row hammer attacks (for authentication
bypass or privilege escalation) because application logic sometimes is
based on not equaling an error value (instead of equaling a success
value), and because the values do not resist flips of a single bit.
(CVE-2023-42465)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32790
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42465

SRPMS

9/core

• sudo-1.9.15p5-1.mga9