| Package | sudo |
|---|---|
| Version | 1.8.5p2-1+nmu3+deb7u6 |
| Related CVEs | CVE-2019-18634 |
A privilege escalation vulnerability was discovered in sudo, a tool to allow users to run programs with the security privileges of another user.
If pwfeedback was enabled in /etc/sudoers, users could trigger a
stack-based buffer overflow in the privileged sudo process.
Note that whilst pwfeedback is a default setting in some distributions (eg.
Linux Mint and elementary OS) it is not the upstream default and thus
should only exist if enabled by an administrator.
For Debian 7 Wheezy, these problems have been fixed in version 1.8.5p2-1+nmu3+deb7u6.
We recommend that you upgrade your sudo packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.