-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3181-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb November 07, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : sudo Version : 1.8.27-1+deb10u4 CVE ID : CVE-2021-23239 It was discovered that there was a information disclosure utility in sudo, a tool used to provide limited superuser privileges to specific users. A local unprivileged user may have been able to perform arbitrary directory-existence tests by exploiting a race condition in sudoedit. For Debian 10 buster, this problem has been fixed in version 1.8.27-1+deb10u4. We recommend that you upgrade your sudo packages. For the detailed security status of sudo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sudo Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmNo9JkACgkQHpU+J9Qx Hlg1cw//bhuWiJ0azlRhAegLqjrNLxY0qUPMh2DES05q52ATUCrerPXlnEXjRVFb HAsi5Aft7ioXNOoUpwsD/M7Hc09tDlCKaygBa28kasda7Leyem0vcuoSINoyv+W2 UoftHRS5EB5LVbsmcF4eTKZs9t7yCCnSmZxIq5LeHKJHTPEUlhuBKmF/QODKKErL GP2wV1/DyjPVJJW3/DIX529cuFAjTyGVHxLSU9ZQ1xjQulKeYJdD1/a1fz5VlCzQ dlgyiR4o7yyIvGchZnTxGloqZcCpHa126UO1oobLfmjPA2LSRrfOD5IV+eKSTjh0 PpIVKTNmJJAB1FrcFq8lHqxM0KqWVdCE015xxjAW7APXWJTViXLHHyRXJkohPRYn TIP+DsaeQ1mnH8aVqOHMJJ28K7E4YxZDKbQQifZOijEQi9zGl+inM7EhUmgGpZ5I Y+isiX5dKSMgRWhZxNzAWSXcxq44rwjbTr2s0GZqRDpD05fcyFzUb/uk1PVecKwi HkruiQTpKH7aztiNduLvC6Z+oQaNnz27FlzjC/FKhhwNRvrRJMk+Yh3zCfosKCYP GecLBd85VxMec2o4hS5Bercu44jO6AAzTyAeB8LtH+moAQPgrbeKFT0N8cq9ZaGm /zJYEuXJ2OB+FTOCuCdq1OUmPKdYZWJYiMPX5eSanOds0C1SfBo= =sVA6 -----END PGP SIGNATURE-----