USN-6005-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6005-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6005-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6005-2

Related

Published

2023-05-29T11:02:51.926428Z

Modified

2023-05-29T11:02:51.926428Z

Summary

sudo vulnerabilities

Details

USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16.04 LTS.

Original advisory details:

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed.

References

Affected packages

Ubuntu:Pro:16.04:LTS / sudo

Package

Name: sudo
Purl: pkg:deb/ubuntu/sudo@1.8.16-0ubuntu1.10+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-0ubuntu1.10+esm2

Affected versions

1.*

1.8.12-1ubuntu3

1.8.16-0ubuntu1

1.8.16-0ubuntu1.1

1.8.16-0ubuntu1.2

1.8.16-0ubuntu1.3

1.8.16-0ubuntu1.4

1.8.16-0ubuntu1.5

1.8.16-0ubuntu1.6

1.8.16-0ubuntu1.7

1.8.16-0ubuntu1.8

1.8.16-0ubuntu1.9

1.8.16-0ubuntu1.10

1.8.16-0ubuntu1.10+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.8.16-0ubuntu1.10+esm2",
            "binary_name": "sudo"
        },
        {
            "binary_version": "1.8.16-0ubuntu1.10+esm2",
            "binary_name": "sudo-dbgsym"
        },
        {
            "binary_version": "1.8.16-0ubuntu1.10+esm2",
            "binary_name": "sudo-ldap"
        },
        {
            "binary_version": "1.8.16-0ubuntu1.10+esm2",
            "binary_name": "sudo-ldap-dbgsym"
        }
    ]
}