Updated sudo packages fix security vulnerabilities
Publication date: 25 Jul 2025Modification date: 25 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32462 , CVE-2025-32463
Description
CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that
specifies a host that is neither the current host nor ALL, allows listed
users to execute commands on unintended machines
CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root
access because "/etc/nsswitch.conf" from a user-controlled directory is
used with the --chroot option.
References
- https://bugs.mageia.org/show_bug.cgi?id=34409
- https://www.openwall.com/lists/oss-security/2025/06/30/2
- https://www.openwall.com/lists/oss-security/2025/06/30/3
- https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463
SRPMS
9/core
- sudo-1.9.15p5-1.1.mga9