Amazon Linux 1 Security Advisory: ALAS-2024-1922
Advisory Release Date: 2024-02-23 00:25 Pacific
Advisory Updated Date: 2024-06-07 05:16 Pacific
2024-06-07: CVE-2024-31969 was added to this advisory.
In sudo-1.8.23-10.amzn2.3.6 (Amazon Linux 2) and sudo-1.8.23-10.58.amzn1 (Amazon Linux 1), a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been fixed in sudo-1.8.23-10.amzn2.3.7 (AL2) and sudo-1.8.23-10.59.amzn1 (AL1). (CVE-2024-31969)
Affected Packages:
sudo
Issue Correction:
Run yum update sudo to update your system.
i686:
sudo-debuginfo-1.8.23-10.59.amzn1.i686
sudo-1.8.23-10.59.amzn1.i686
sudo-devel-1.8.23-10.59.amzn1.i686
src:
sudo-1.8.23-10.59.amzn1.src
x86_64:
sudo-1.8.23-10.59.amzn1.x86_64
sudo-debuginfo-1.8.23-10.59.amzn1.x86_64
sudo-devel-1.8.23-10.59.amzn1.x86_64