ELA-1042-1 sudo security update

Multiple vulnerabilities

2024-02-03
Package: sudo
Version: 1.8.19p1-2.1+deb9u6 (stretch)
Related CVEs: CVE-2023-28486, CVE-2023-28487


Sudo, a program designed to allow a sysadmin to give limited root privileges to users and log root activity, was vulnerable.

CVE-2023-28486

Sudo did not escape control characters in log messages.

CVE-2023-28487

Sudo did not escape control characters in sudoreplay output.
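
The class of fix behind both CVEs, as an added illustration that is not taken from the sudo source or from this advisory: untrusted text is escaped before it reaches a log file or a terminal. The function name `escape_log_msg`, the `#ooo` octal output form, and the sample message are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Copy src into dst, replacing each control character (0x00-0x1f, 0x7f)
 * with '#' followed by three octal digits, so that newlines cannot split
 * a log entry and escape sequences cannot reach the reader's terminal.
 * The "#ooo" form is this example's choice.
 * Returns the escaped length, or -1 (dst emptied) if dst is too small.
 */
int escape_log_msg(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;

    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        /* 4 bytes for an escape, 1 for a plain byte, plus the final NUL */
        size_t need = (c < 0x20 || c == 0x7f) ? 5 : 2;

        if (dstlen < o + need)
            goto too_small;
        if (need == 5) {
            snprintf(dst + o, 5, "#%03o", (unsigned int)c);
            o += 4;
        } else {
            dst[o++] = (char)c;
        }
    }
    if (o >= dstlen)
        goto too_small;
    dst[o] = '\0';
    return (int)o;

too_small:
    if (dstlen > 0)
        dst[0] = '\0';   /* never hand back a partially escaped string */
    return -1;
}

int main(void)
{
    /* Constructed sample: a message carrying a newline and an ESC sequence. */
    const char *msg = "COMMAND=/bin/ls\nsecond line\033[0m";
    char out[128];

    if (escape_log_msg(msg, out, sizeof(out)) >= 0)
        printf("%s\n", out);
    return 0;
}
```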


For Debian 9 stretch, these problems have been fixed in version 1.8.19p1-2.1+deb9u6.

We recommend that you upgrade your sudo packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.