| Package | sudo |
|---|---|
| Version | 1.8.19p1-2.1+deb9u6 (stretch) |
| Related CVEs | CVE-2023-28486 CVE-2023-28487 |
Sudo, a program designed to allow a sysadmin to give limited root privileges to users and log root activity, was vulnerable.
CVE-2023-28486
Sudo did not escape control characters in log messages.
CVE-2023-28487
Sudo did not escape control characters in sudoreplay output.
For Debian 9 stretch, these problems have been fixed in version 1.8.19p1-2.1+deb9u6.
We recommend that you upgrade your sudo packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.