Debian 10 DLA-3272-1 Moderate: Sudo Privilege Escalation Risk
debian lts
January 18, 2023
Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' ...
Topics Covered
Summary
Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a
program designed to provide limited super user privileges to specific
users, does not properly handle '--' to separate the editor and arguments
from files to edit. A local user permitted to edit certain files can take
advantage of this flaw to edit a file not permitted by the security
policy, resulting in privilege escalation.
More information can be found at:
For Debian 10 buster, this problem has been fixed in version
1.8.27-1+deb10u5.
We recommend that you upgrade your sudo packages.
For the detailed security status of sudo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/sudo
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Package: sudo
Version: 1.8.27-1+deb10u5
CVE ID: CVE-2023-22809
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!