[El-errata] ELSA-2024-0811 Moderate: Oracle Linux 9 sudo security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 16 16:41:24 UTC 2024


Oracle Linux Security Advisory ELSA-2024-0811

http://linux.oracle.com/errata/ELSA-2024-0811.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
sudo-1.9.5p2-10.el9_3.x86_64.rpm
sudo-python-plugin-1.9.5p2-10.el9_3.x86_64.rpm

aarch64:
sudo-1.9.5p2-10.el9_3.aarch64.rpm
sudo-python-plugin-1.9.5p2-10.el9_3.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//sudo-1.9.5p2-10.el9_3.src.rpm

Related CVEs:

CVE-2023-28486
CVE-2023-28487
CVE-2023-42465




Description of changes:

RHEL 9.3.0.Z ERRATUM
[1.9.5p2-10]
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Resolves: RHEL-21834
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
Resolves: RHEL-21828
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
Resolves: RHEL-21821

RHEL 8.9.0.Z ERRATUM
[1.9.5p2-1]
- Rebase to 1.9.5p2
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
Resolves: RHEL-21825
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Resolves: RHEL-21831
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
Resolves: RHEL-21820



More information about the El-errata mailing list