USN-6005-1
- Source
- https://ubuntu.com/security/notices/USN-6005-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6005-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6005-1
- Related
- Published
- 2023-04-11T14:19:40.755304Z
- Modified
- 2023-04-11T14:19:40.755304Z
- Summary
- sudo vulnerabilities
- Details
-
Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed.
- References
Affected packages
Ubuntu:18.04:LTS / sudo
Package
- Name
- sudo
- Purl
- pkg:deb/ubuntu/sudo@1.8.21p2-3ubuntu1.6?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.21p2-3ubuntu1.6
Affected versions
1.*
1.8.20p2-1ubuntu1
1.8.21p2-2ubuntu1
1.8.21p2-3ubuntu1
1.8.21p2-3ubuntu1.1
1.8.21p2-3ubuntu1.2
1.8.21p2-3ubuntu1.3
1.8.21p2-3ubuntu1.4
1.8.21p2-3ubuntu1.5
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.8.21p2-3ubuntu1.6",
"binary_name": "sudo"
},
{
"binary_version": "1.8.21p2-3ubuntu1.6",
"binary_name": "sudo-dbgsym"
},
{
"binary_version": "1.8.21p2-3ubuntu1.6",
"binary_name": "sudo-ldap"
},
{
"binary_version": "1.8.21p2-3ubuntu1.6",
"binary_name": "sudo-ldap-dbgsym"
}
]
}
Ubuntu:20.04:LTS / sudo
Package
- Name
- sudo
- Purl
- pkg:deb/ubuntu/sudo@1.8.31-1ubuntu1.5?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.31-1ubuntu1.5
Affected versions
1.*
1.8.27-1ubuntu4
1.8.29-1ubuntu1
1.8.31-1ubuntu1
1.8.31-1ubuntu1.1
1.8.31-1ubuntu1.2
1.8.31-1ubuntu1.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.8.31-1ubuntu1.5",
"binary_name": "sudo"
},
{
"binary_version": "1.8.31-1ubuntu1.5",
"binary_name": "sudo-dbgsym"
},
{
"binary_version": "1.8.31-1ubuntu1.5",
"binary_name": "sudo-ldap"
},
{
"binary_version": "1.8.31-1ubuntu1.5",
"binary_name": "sudo-ldap-dbgsym"
}
]
}
Ubuntu:22.04:LTS / sudo
Package
- Name
- sudo
- Purl
- pkg:deb/ubuntu/sudo@1.9.9-1ubuntu2.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.9.9-1ubuntu2.4
Affected versions
1.*
1.9.5p2-3ubuntu2
1.9.9-1ubuntu2
1.9.9-1ubuntu2.1
1.9.9-1ubuntu2.2
1.9.9-1ubuntu2.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.9.9-1ubuntu2.4",
"binary_name": "sudo"
},
{
"binary_version": "1.9.9-1ubuntu2.4",
"binary_name": "sudo-dbgsym"
},
{
"binary_version": "1.9.9-1ubuntu2.4",
"binary_name": "sudo-ldap"
},
{
"binary_version": "1.9.9-1ubuntu2.4",
"binary_name": "sudo-ldap-dbgsym"
}
]
}