SUSE-SU-2023:1659-1 -- SLES sudoID: oval:org.secpod.oval:def:89048501 | Date: (C)2023-04-11 (M)2024-04-25 |
Class: PATCH | Family: unix |
This update for sudo fixes the following issue: Security fixes: * CVE-2023-28486: Fixed missing control characters escaping in log messages . * CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . Other fixes: * Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer . * Do not re-enable the reader when flushing the buffers as part of pty_finish .
Platform: |
SUSE Linux Enterprise Server 12 SP5 |