ALT Linux Team

Package sudo update in sisyphus_riscv64 on 2025-07-02

ALT-PU-2025-8886-1

Package sudo updated to version 1.9.17p1-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2025-06-30

BDU:2025-07765

Уязвимость программы для системного администрирования sudo, связанная с включением функций из недостоверной контролируемой области при использовании опции "-R" ("--chroot"), позволяющая нарушителю выполнить произвольный код и повысить свои привилегии

Severity: CRITICAL (9.3) Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-06-30
Modified: 2025-07-25

CVE-2025-32462

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2025-06-30
Modified: 2025-07-22

CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top