SUSE-SU-2023:1665-1 -- SLES sudoID: oval:org.secpod.oval:def:89048686 | Date: (C)2023-04-11 (M)2024-04-25 |
Class: PATCH | Family: unix |
This update for sudo fixes the following issue: Security issues: * CVE-2023-28486: Fixed sudo does not escape control characters in log messages. * CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. * CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules . Bug fixes: * Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer * If NOPASSWD is specified, don"t ask for password if command is not found . * Do not re-enable the reader when flushing the buffers as part of pty_finish .
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Server 15 SP4 |