Advisories » MGASA-2023-0133

Updated sudo packages fix security vulnerability

Publication date: 11 Apr 2023
Modification date: 11 Apr 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-28486 , CVE-2023-28487

Description

Sudo before 1.9.13 does not escape control characters in log messages.
(CVE-2023-28486)
Sudo before 1.9.13 does not escape control characters in sudoreplay
output. (CVE-2023-28487)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31738
• https://lists.suse.com/pipermail/sle-security-updates/2023-March/014226.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28486
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28487

SRPMS

8/core

• sudo-1.9.5p2-2.3.mga8