发布于3月6日3月6日 Members Oracle Linux: CVE-2023-28487: ELSA-2024-0811:sudo security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/16/2024 Added 02/14/2024 Modified 12/18/2024 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Solution(s) oracle-linux-upgrade-sudo oracle-linux-upgrade-sudo-python-plugin References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 ELSA-2024-0811
