Discover Government News

Oracle Linux Security Advisory ELSA-2024-0811

https://linux.oracle.com/errata/ELSA-2024-0811.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
sudo-1.9.5p2-10.el9_3.x86_64.rpm
sudo-python-plugin-1.9.5p2-10.el9_3.x86_64.rpm

aarch64:
sudo-1.9.5p2-10.el9_3.aarch64.rpm
sudo-python-plugin-1.9.5p2-10.el9_3.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//sudo-1.9.5p2-10.el9_3.src.rpm

Related CVEs:

CVE-2023-28486
CVE-2023-28487
CVE-2023-42465




Description of changes:

RHEL 9.3.0.Z ERRATUM
[1.9.5p2-10]
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Resolves: RHEL-21834
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
Resolves: RHEL-21828
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
Resolves: RHEL-21821

RHEL 8.9.0.Z ERRATUM
[1.9.5p2-1]
- Rebase to 1.9.5p2
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
Resolves: RHEL-21825
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Resolves: RHEL-21831
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
Resolves: RHEL-21820

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2024-0811: sudo security Moderate Security Update

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

RHEL 9.3.0.Z ERRATUM [1.9.5p2-10] - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21834 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21828 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21821 RHEL 8.9.0.Z ERRATUM [1.9.5p2-1] - Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820

SRPMs

https://oss.oracle.com:443/ol9/SRPMS-updates//sudo-1.9.5p2-10.el9_3.src.rpm

x86_64

sudo-1.9.5p2-10.el9_3.x86_64.rpm sudo-python-plugin-1.9.5p2-10.el9_3.x86_64.rpm

aarch64

sudo-1.9.5p2-10.el9_3.aarch64.rpm sudo-python-plugin-1.9.5p2-10.el9_3.aarch64.rpm

i386

Severity
Related CVEs: CVE-2023-28486 CVE-2023-28487 CVE-2023-42465

Related News