SUSE-SU-2023:1665-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2023/suse-su-20231665-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:1665-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2023:1665-1

Related

Published

2023-03-29T10:55:22Z

Modified

2023-03-29T10:55:22Z

Summary

Security update for sudo

Details

This update for sudo fixes the following issue:

Security issues:

CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).

Bug fixes:

Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).

References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / sudo

Package

Name: sudo
Purl: pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.9-150400.4.26.1

Ecosystem specific

{
    "binaries": [
        {
            "sudo": "1.9.9-150400.4.26.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / sudo

Package

Name: sudo
Purl: pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.9-150400.4.26.1

Ecosystem specific

{
    "binaries": [
        {
            "sudo": "1.9.9-150400.4.26.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP4 / sudo

Package

Name: sudo
Purl: pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.9-150400.4.26.1

Ecosystem specific

{
    "binaries": [
        {
            "sudo-plugin-python": "1.9.9-150400.4.26.1",
            "sudo": "1.9.9-150400.4.26.1",
            "sudo-devel": "1.9.9-150400.4.26.1"
        }
    ]
}

openSUSE:Leap Micro 5.3 / sudo

Package

Name: sudo
Purl: pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%20Micro%205.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.9-150400.4.26.1

Ecosystem specific

{
    "binaries": [
        {
            "sudo": "1.9.9-150400.4.26.1"
        }
    ]
}

openSUSE:Leap 15.4 / sudo

Package

Name: sudo
Purl: pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%2015.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.9-150400.4.26.1

Ecosystem specific

{
    "binaries": [
        {
            "sudo-plugin-python": "1.9.9-150400.4.26.1",
            "sudo": "1.9.9-150400.4.26.1",
            "sudo-devel": "1.9.9-150400.4.26.1",
            "sudo-test": "1.9.9-150400.4.26.1"
        }
    ]
}