Oracle Linux Security Advisory ELSA-2024-0811

https://linux.oracle.com/errata/ELSA-2024-0811.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
sudo-1.9.5p2-1.el8_9.x86_64.rpm

aarch64:
sudo-1.9.5p2-1.el8_9.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//sudo-1.9.5p2-1.el8_9.src.rpm

Related CVEs:

CVE-2023-28486
CVE-2023-28487
CVE-2023-42465




Description of changes:

RHEL 9.3.0.Z ERRATUM
[1.9.5p2-10]
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Resolves: RHEL-21834
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
Resolves: RHEL-21828
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
Resolves: RHEL-21821

RHEL 8.9.0.Z ERRATUM
[1.9.5p2-1]
- Rebase to 1.9.5p2
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
Resolves: RHEL-21825
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Resolves: RHEL-21831
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
Resolves: RHEL-21820


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata