Debian 10262 Published by

A sudo security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a flaw where a local user can edit a file not permitted by the security policy, resulting in privilege escalation.



ELA-772-1 sudo security update

Package : sudo
Version : 1.8.10p3-1+deb8u9 (jessie), 1.8.19p1-2.1+deb9u5 (stretch)

Related CVEs :
CVE-2023-22809

Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle ‘–’ to separate the editor and
arguments from files to edit. A local user permitted to edit certain files can take advantage of this flaw to edit a file not permitted by the security policy, resulting in privilege escalation.

  ELA-772-1 sudo security update