Amazon Linux 2023 Security Advisory: ALAS-2023-135
Advisory Release Date: 2023-03-20 18:27 Pacific
Advisory Updated Date: 2023-03-30 21:11 Pacific
Severity:
Important
References:
CVE-2023-27320
CVE-2023-28486
CVE-2023-28487
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. (CVE-2023-27320)
Affected Packages:
sudo
Issue Correction:
Run dnf update --releasever=2023.0.20230322 sudo to update your system.
New Packages:
aarch64:
sudo-python-plugin-debuginfo-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-logsrvd-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-python-plugin-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-debuginfo-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-devel-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-logsrvd-debuginfo-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-debugsource-1.9.13-1.p2.amzn2023.0.1.aarch64
sudo-1.9.13-1.p2.amzn2023.0.1.aarch64
src:
sudo-1.9.13-1.p2.amzn2023.0.1.src
x86_64:
sudo-python-plugin-debuginfo-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-devel-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-python-plugin-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-logsrvd-debuginfo-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-debuginfo-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-logsrvd-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-debugsource-1.9.13-1.p2.amzn2023.0.1.x86_64
sudo-1.9.13-1.p2.amzn2023.0.1.x86_64