|
|
Log in / Subscribe / Register

Debian alert DLA-4472-1 (sudo)



From:
              rouca@debian.org


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4472-1] sudo security update


Date:
              Fri, 06 Feb 2026 22:28:14 +0100


Message-ID:
              <7c69cb92781ebfb496fb6e5cc6497e6c@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4472-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
February 06, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sudo
Version        : 1.9.5p2-3+deb11u3
CVE ID         : CVE-2023-28486 CVE-2023-28487

Sudo, a program designed to allow a sysadmin to give limited
root privileges to users and log root activity, was 
affected by multiple vulnerabilities.

CVE-2023-28486

    Sudo did not escape control characters in log messages.

CVE-2023-28487

    Sudo did not escape control characters in sudoreplay output.

For Debian 11 bullseye, these problems have been fixed in version
1.9.5p2-3+deb11u3.

We recommend that you upgrade your sudo packages.

For the detailed security status of sudo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sudo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmmGXO4ACgkQADoaLapB
CF+NlhAAnHV0dUIJ0Udp3G7fy3UKDxf0oB7FIrsgi0fxHRPE0Upe3h+tJN4J+/j6
Yjf0QiGP+IgagLzdypQpaPeAWZTLYFp3Tsh4e6CwXw2pPpSabGG3hyjQw687yKUu
uM5H7go6tAChd4Zdzy7Uwq9Zi/dMUjE/H6o6VEYQxm4IoEXfRtjFd1q9OVs3GVes
AGiwHzxUr0k83DgEFmpVCpL+eGRm9q3F4TcvuKMYQYMcjOg1Zb2fgS6Py74pqPUD
ieh+KppBy36ffjtEJvsRO2mNWQUtPWtMpiDsCyxgwk3BMcwQpAqZfOLUC72wPV/i
TzAno/DZRuuiM0P5p2IBMlbPHo7sKyMejP1taOjTFERkm1RVdXluM6c2+mfuoyhM
rt6UgIZnp7GTbe8nMr/k9XbM2jqAbbc2+yk96D69ahalej85aZ2raEzx+BR9WDXu
UOUpc+NmONUcTjMglGiQS+HXzF7Xf1MZxsgzF63pr78DuIseL0eGTnag8RFPISTW
qq0bWJ7TLbl2DbS+AJkv2OaDLpzgSka6moGr+BRgBa+iK2m6mliMZg33EYzZ9uC8
l10PlV89fEu8cUaluZMsATRFYyTA0yeqHMGrgaIYF3qngmN39z7NaylnrugpU+UR
GfSGJDPPQ2i06MHVcOnwMIjO01Zq3yoZg64pd5PamuQiZ6W+e64=
=jGd+
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds