File _patchinfo of Package patchinfo.27913
<patchinfo incident="27913">
<issue tracker="cve" id="2023-28486"/>
<issue tracker="cve" id="2023-28487"/>
<issue tracker="bnc" id="1203201">L3-Question: sudo block in ppoll syscall while child process already gone</issue>
<issue tracker="bnc" id="1206483">sudo crashes in sssd module on empty RunAs list</issue>
<issue tracker="bnc" id="1209362">VUL-0: CVE-2023-28486: sudo: does not escape control characters in log messages.</issue>
<issue tracker="bnc" id="1209361">VUL-0: CVE-2023-28487: sudo: does not escape control characters in sudoreplay output.</issue>
<packager>jsikes</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for sudo</summary>
<description>This update for sudo fixes the following issue:
Security fixes:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
Other fixes:
- Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer (bsc#1206483).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
</description>
</patchinfo>