ALAS-2024-514


Amazon Linux 2023 Security Advisory: ALAS-2024-514
Advisory Release Date: 2024-02-01 17:56 Pacific
Advisory Updated Date: 2024-02-26 14:00 Pacific
Severity: Low

Issue Overview:

2024-02-26: The severity of this advisory has been changed from important to low.

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic is sometimes based on a value not equaling an error value (instead of equaling a success value), and because the values do not resist single-bit flips. (CVE-2023-42465)
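
The pattern described above, as an added C example (not sudo's code and not part of this advisory): it counts how many single-bit corruptions of a stored failure result each style of check would accept. All constants and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for illustration; not taken from sudo's source. */
#define WEAK_FAIL 0x00000000u
#define WEAK_OK   0x00000001u   /* differs from WEAK_FAIL in one bit */
#define HARD_FAIL 0xA5A55A5Au
#define HARD_OK   0x5A5AA5A5u   /* differs from HARD_FAIL in all 32 bits */

/* Fragile: anything that is not the error value counts as success. */
static int accepts_not_error(uint32_t rc)    { return rc != WEAK_FAIL; }
/* Positive check, but success is one bit away from failure. */
static int accepts_weak_success(uint32_t rc) { return rc == WEAK_OK; }
/* Positive check against a value far from failure. */
static int accepts_hard_success(uint32_t rc) { return rc == HARD_OK; }

/* Number of bits in which two result codes differ. */
static int hamming(uint32_t a, uint32_t b)
{
    int n = 0;
    for (uint32_t x = a ^ b; x != 0; x &= x - 1)
        n++;
    return n;
}

/* How many of the 32 single-bit corruptions of `stored` pass the check. */
static int accepted_flips(uint32_t stored, int (*accepts)(uint32_t))
{
    int n = 0;
    for (int bit = 0; bit < 32; bit++)
        n += accepts(stored ^ (UINT32_C(1) << bit)) ? 1 : 0;
    return n;
}

int main(void)
{
    printf("rc != FAIL       : %d/32 flips accepted\n",
           accepted_flips(WEAK_FAIL, accepts_not_error));
    printf("rc == OK (0 vs 1): %d/32 flips accepted\n",
           accepted_flips(WEAK_FAIL, accepts_weak_success));
    printf("rc == OK (far)   : %d/32 flips accepted (distance %d)\n",
           accepted_flips(HARD_FAIL, accepts_hard_success),
           hamming(HARD_OK, HARD_FAIL));
    return 0;
}
```

With an equality check, the Hamming distance between the failure and success values is the number of simultaneous bit flips needed to turn one into the other.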


Affected Packages:

sudo


Issue Correction:
Run dnf update sudo --releasever 2023.3.20240205 to update your system.

New Packages:
aarch64:
    sudo-logsrvd-debuginfo-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-python-plugin-debuginfo-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-debuginfo-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-devel-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-python-plugin-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-logsrvd-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-debugsource-1.9.14-1.p3.amzn2023.0.1.aarch64
    sudo-1.9.14-1.p3.amzn2023.0.1.aarch64

src:
    sudo-1.9.14-1.p3.amzn2023.0.1.src

x86_64:
    sudo-debuginfo-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-devel-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-python-plugin-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-logsrvd-debuginfo-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-logsrvd-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-python-plugin-debuginfo-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-1.9.14-1.p3.amzn2023.0.1.x86_64
    sudo-debugsource-1.9.14-1.p3.amzn2023.0.1.x86_64