CLSA-2025-1761325294

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2025-1761325294.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1761325294
Upstream
Published
2025-10-24T17:01:38Z
Modified
2026-06-04T09:45:05.647658987Z
Summary
Fix CVE(s): CVE-2021-23240, CVE-2023-42465, CVE-2025-32462
Details
  • SECURITY UPDATE: privilege escalation via symlinks
  • debian/patches/CVE-2021-23240.patch: fix opportunity for local unprivileged user to gain file ownership via symlinks.
  • SECURITY UPDATE: unauthorized commands execution on unintended hosts
  • debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges
  • CVE-2025-32462
  • SECURITY UPDATE: row hammer attack
  • debian/patches/CVE-2023-42465.patch: make return values resist to single bit flips
  • CVE-2023-42465
References

Affected packages

TuxCare:Debian:10 / sudo

Package

Name
sudo
Purl
pkg:deb/tuxcare/sudo?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.27-1+deb10u6+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2025-1761325294.json"

TuxCare:Debian:10 / sudo-ldap

Package

Name
sudo-ldap
Purl
pkg:deb/tuxcare/sudo-ldap?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.27-1+deb10u6+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2025-1761325294.json"