USN-6005-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6005-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6005-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6005-1

Related

CVE-2023-28486
CVE-2023-28487
UBUNTU-CVE-2023-28486
UBUNTU-CVE-2023-28487

Published

2023-04-11T14:19:40.755304Z

Modified

2023-04-11T14:19:40.755304Z

Summary

sudo vulnerabilities

Details

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed.

References

Affected packages

Ubuntu:18.04:LTS / sudo

Package

Name: sudo
Purl: pkg:deb/ubuntu/sudo@1.8.21p2-3ubuntu1.6?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.21p2-3ubuntu1.6

Affected versions

1.*

1.8.20p2-1ubuntu1

1.8.21p2-2ubuntu1

1.8.21p2-3ubuntu1

1.8.21p2-3ubuntu1.1

1.8.21p2-3ubuntu1.2

1.8.21p2-3ubuntu1.3

1.8.21p2-3ubuntu1.4

1.8.21p2-3ubuntu1.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "sudo-dbgsym": "1.8.21p2-3ubuntu1.6",
            "sudo": "1.8.21p2-3ubuntu1.6",
            "sudo-ldap": "1.8.21p2-3ubuntu1.6",
            "sudo-ldap-dbgsym": "1.8.21p2-3ubuntu1.6"
        }
    ]
}

Ubuntu:20.04:LTS / sudo

Package

Name: sudo
Purl: pkg:deb/ubuntu/sudo@1.8.31-1ubuntu1.5?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.31-1ubuntu1.5

Affected versions

1.*

1.8.27-1ubuntu4

1.8.29-1ubuntu1

1.8.31-1ubuntu1

1.8.31-1ubuntu1.1

1.8.31-1ubuntu1.2

1.8.31-1ubuntu1.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "sudo-dbgsym": "1.8.31-1ubuntu1.5",
            "sudo": "1.8.31-1ubuntu1.5",
            "sudo-ldap": "1.8.31-1ubuntu1.5",
            "sudo-ldap-dbgsym": "1.8.31-1ubuntu1.5"
        }
    ]
}

Ubuntu:22.04:LTS / sudo

Package

Name: sudo
Purl: pkg:deb/ubuntu/sudo@1.9.9-1ubuntu2.4?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.9-1ubuntu2.4

Affected versions

1.*

1.9.5p2-3ubuntu2

1.9.9-1ubuntu2

1.9.9-1ubuntu2.1

1.9.9-1ubuntu2.2

1.9.9-1ubuntu2.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "sudo-dbgsym": "1.9.9-1ubuntu2.4",
            "sudo": "1.9.9-1ubuntu2.4",
            "sudo-ldap": "1.9.9-1ubuntu2.4",
            "sudo-ldap-dbgsym": "1.9.9-1ubuntu2.4"
        }
    ]
}