ALAS-2024-1922


Amazon Linux 1 Security Advisory: ALAS-2024-1922
Advisory Release Date: 2024-02-23 00:25 Pacific
Advisory Updated Date: 2024-06-07 05:16 Pacific
Severity: Important

Issue Overview:

2024-06-07: CVE-2024-31969 was added to this advisory.

In sudo-1.8.23-10.amzn2.3.6 (Amazon Linux 2) and sudo-1.8.23-10.58.amzn1 (Amazon Linux 1), a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been fixed in sudo-1.8.23-10.amzn2.3.7 (AL2) and sudo-1.8.23-10.59.amzn1 (AL1). (CVE-2024-31969)


Affected Packages:

sudo


Issue Correction:
Run yum update sudo to update your system.

New Packages:
i686:
    sudo-debuginfo-1.8.23-10.59.amzn1.i686
    sudo-1.8.23-10.59.amzn1.i686
    sudo-devel-1.8.23-10.59.amzn1.i686

src:
    sudo-1.8.23-10.59.amzn1.src

x86_64:
    sudo-1.8.23-10.59.amzn1.x86_64
    sudo-debuginfo-1.8.23-10.59.amzn1.x86_64
    sudo-devel-1.8.23-10.59.amzn1.x86_64