Back to bug 2179273
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-03-17 07:50:32 UTC | Blocks | 2179004 | |
| Sandipan Roy | 2023-03-17 07:51:55 UTC | Depends On | 2179276, 2179277 | |
| Marco Benatto | 2023-03-27 17:28:42 UTC | Doc Text | There's a flaw in sudo package as shipped with Red Hat Enterprise Linux 8 and 9 where "sudoreplay -l' command doesn't properly escape terminal control characters. As sudo's log messages may contain user-controlled strings an attacker may leverage this flaw by injecting terminal control commands, leading to the leak of restricted information. | |
| Marco Benatto | 2023-03-27 17:29:06 UTC | Fixed In Version | sudo-1.9.13 | |
| Marco Benatto | 2023-03-27 17:29:36 UTC | Depends On | 2182153, 2182152 | |
| Paige Jung | 2023-03-27 17:43:51 UTC | Doc Text | There's a flaw in sudo package as shipped with Red Hat Enterprise Linux 8 and 9 where "sudoreplay -l' command doesn't properly escape terminal control characters. As sudo's log messages may contain user-controlled strings an attacker may leverage this flaw by injecting terminal control commands, leading to the leak of restricted information. | A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. |
| Red Hat Bugzilla | 2023-07-07 08:28:17 UTC | Assignee | security-response-team | nobody |
Back to bug 2179273