发布于3月6日3月6日 Members Amazon Linux 2023: CVE-2023-28487: Important priority package update for sudo Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Solution(s) amazon-linux-2023-upgrade-sudo amazon-linux-2023-upgrade-sudo-debuginfo amazon-linux-2023-upgrade-sudo-debugsource amazon-linux-2023-upgrade-sudo-devel amazon-linux-2023-upgrade-sudo-logsrvd amazon-linux-2023-upgrade-sudo-logsrvd-debuginfo amazon-linux-2023-upgrade-sudo-python-plugin amazon-linux-2023-upgrade-sudo-python-plugin-debuginfo References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 https://alas.aws.amazon.com/AL2023/ALAS-2023-135.html
