USN-5811-1: Sudo vulnerabilities

Packages

sudo - Provide limited super user privileges to specific users

Details

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly
handled user-specified editors when using the sudoedit command. A local
attacker that has permission to use the sudoedit command could possibly use
this issue to edit arbitrary files. (CVE-2023-22809)

It was discovered that the Protobuf-c library, used by Sudo, incorrectly
handled certain arithmetic shifts. An attacker could possibly use this
issue to cause Sudo to crash, resulting in a denial of service. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-33070)

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly
handled user-specified editors when using the sudoedit command. A local
attacker that has permission to use the sudoedit command could possibly use
this issue to edit arbitrary files. (CVE-2023-22809)

It was discovered that the Protobuf-c library, used by Sudo, incorrectly
handled certain arithmetic shifts. An attacker could possibly use this
issue to cause Sudo to crash, resulting in a denial of service. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-33070)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
22.10 kinetic	sudo-ldap – 1.9.11p3-1ubuntu1.1
22.10 kinetic	sudo – 1.9.11p3-1ubuntu1.1
22.04 jammy	sudo-ldap – 1.9.9-1ubuntu2.2
22.04 jammy	sudo – 1.9.9-1ubuntu2.2
20.04 focal	sudo-ldap – 1.8.31-1ubuntu1.4
20.04 focal	sudo – 1.8.31-1ubuntu1.4
18.04 bionic	sudo-ldap – 1.8.21p2-3ubuntu1.5
18.04 bionic	sudo – 1.8.21p2-3ubuntu1.5

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices