Univention Bugzilla – Bug 57031
sudo: Multiple issues (5.0)
Last modified: 2024-02-14 12:29:17 CET
New Debian sudo 1.8.27-1+deb10u6 fixes:

This update addresses the following issues:

1.8.27-1+deb10u6 (Sun, 21 Jan 2024 20:52:36 +0000)
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2023-7090: A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
* Fix CVE-2023-28486: Sudo did not escape control characters in log messages.
* Fix CVE-2023-28487: Sudo did not escape control characters in sudoreplay output.
* Regenerate parsers from yacc file.
--- mirror/ftp/pool/main/s/sudo/sudo_1.8.27-1+deb10u5.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/sudo_1.8.27-1+deb10u6.dsc @@ -1,3 +1,17 @@ +1.8.27-1+deb10u6 [Sun, 21 Jan 2024 20:52:36 +0000] Bastien Roucariès <rouca@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2023-7090: A flaw was found in sudo in the handling of + ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf + was not propagated in sudo. Therefore, it leads to + privilege mismanagement vulnerability in applications, + where client hosts retain privileges even after retracting them. + * Fix CVE-2023-28486: Sudo did not escape control characters + in log messages. + * Fix CVE-2023-28487: Sudo did not escape control characters + in sudoreplay output. + * Regenerate parsers from yacc file. + 1.8.27-1+deb10u5 [Mon, 16 Jan 2023 21:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/5.0-6/#2517734797872375083>
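Review bot: The "Regenerate parsers from yacc file" entry at the end of the new 1.8.27-1+deb10u6 block gives no reason and is not tied to any of the three CVE fixes listed above it; state which fix changed the grammar so the regenerated output can be checked against that change. The CVE-2023-28486 and CVE-2023-28487 entries also say only that control characters were not escaped; naming the escaping now applied to log messages and sudoreplay output would tell anyone consuming those logs what format to expect after the update.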
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
  Refusing to remove sudo because it is run inside a container and SUDO_FORCE_REMOVE=yes can not be set

[5.0-6] a126fac17d Bug #57031: sudo 1.8.27-1+deb10u6
 doc/errata/staging/sudo.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[5.0-6] 06a0f39e35 Bug #57031: sudo 1.8.27-1+deb10u6
 doc/errata/staging/sudo.yaml | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

[5.0-6] 97e50ecf55 Bug #57031: sudo 1.8.27-1+deb10u6
 doc/errata/staging/sudo.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x955>