{"affected":[{"ecosystem_specific":{"binaries":[{"sudo":"1.9.9-150400.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"sudo","purl":"pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.9-150400.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"sudo":"1.9.9-150400.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"sudo","purl":"pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.9-150400.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"sudo":"1.9.9-150400.4.26.1","sudo-devel":"1.9.9-150400.4.26.1","sudo-plugin-python":"1.9.9-150400.4.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"sudo","purl":"pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.9-150400.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"sudo":"1.9.9-150400.4.26.1"}]},"package":{"ecosystem":"openSUSE:Leap Micro 5.3","name":"sudo","purl":"pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.9-150400.4.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"sudo":"1.9.9-150400.4.26.1","sudo-devel":"1.9.9-150400.4.26.1","sudo-plugin-python":"1.9.9-150400.4.26.1","sudo-test":"1.9.9-150400.4.26.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"sudo","purl":"pkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.9-150400.4.26.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for sudo fixes the following issues:\n\nSecurity issues:\n\n- CVE-2023-28486: Fixed sudo not escaping control characters in log messages. (bsc#1209362)\n- CVE-2023-28487: Fixed sudo not escaping control characters in sudoreplay output. (bsc#1209361)\n- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).\n\nBug fixes:\n\n- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)\n- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).\n- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).\n","id":"SUSE-SU-2023:1665-1","modified":"2023-03-29T10:55:22Z","published":"2023-03-29T10:55:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20231665-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203201"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206483"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206772"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209361"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209362"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-27320"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28486"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28487"}],"related":["CVE-2023-27320","CVE-2023-28486","CVE-2023-28487"],"summary":"Security update for sudo","upstream":["CVE-2023-27320","CVE-2023-28486","CVE-2023-28487"]}