Overview

File _patchinfo of Package patchinfo.27911

<patchinfo incident="27911">
  <issue tracker="cve" id="2023-28486"/>
  <issue tracker="cve" id="2023-28487"/>
  <issue tracker="bnc" id="1203201">L3-Question: sudo block in ppoll syscall while child process already gone</issue>
  <issue tracker="bnc" id="1206483">sudo crashes in sssd module on empty RunAs list</issue>
  <issue tracker="bnc" id="1209362">VUL-0: CVE-2023-28486: sudo: does not escape control characters in log messages.</issue>
  <issue tracker="bnc" id="1209361">VUL-0: CVE-2023-28487: sudo: does not escape control characters in sudoreplay output.</issue>
  <packager>jsikes</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for sudo</summary>
  <description>This update for sudo fixes the following issue:

Security fixes:

- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).

Other fixes:

- Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer (bsc#1206483).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places