A sudo security update has been released for Debian GNU/Linux 9 Extended LTS to address an information disclosure vulnerability.
ELA-728-1 sudo security update
Package : sudo
ELA-728-1 sudo security update
Version : 1.8.19p1-2.1+deb9u4 (stretch)
Related CVEs :
CVE-2021-23239
It was discovered that there was a information disclosure vulnerability in sudo, a tool used to provide limited superuser privileges to specific users. A local unprivileged user may have been able to perform arbitrary directory-existence tests by exploiting a race condition in sudoedit.
