Amazon Linux 2023 Security Advisory: ALAS-2024-514
Advisory Release Date: 2024-02-01 17:56 Pacific
Advisory Updated Date: 2024-02-26 14:00 Pacific
Severity:
Low
Issue Overview:
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. (CVE-2023-42465)
Affected Packages:
sudo
Issue Correction:
Run dnf update sudo --releasever 2023.3.20240205 to update your system.
New Packages:
aarch64:
sudo-logsrvd-debuginfo-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-python-plugin-debuginfo-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-debuginfo-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-devel-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-python-plugin-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-logsrvd-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-debugsource-1.9.14-1.p3.amzn2023.0.1.aarch64
sudo-1.9.14-1.p3.amzn2023.0.1.aarch64
src:
sudo-1.9.14-1.p3.amzn2023.0.1.src
x86_64:
sudo-debuginfo-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-devel-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-python-plugin-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-logsrvd-debuginfo-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-logsrvd-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-python-plugin-debuginfo-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-1.9.14-1.p3.amzn2023.0.1.x86_64
sudo-debugsource-1.9.14-1.p3.amzn2023.0.1.x86_64
Changelog:
2024-02-26: The severity of this advisory has been changed from important to low.