Fedora has issued an advisory on January 28: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/ Mageia 9 is also affected.
Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-42465Source RPM: (none) => sudo-1.9.13p2-2.mga9.src.rpm
Suggested advisory: ======================== The updated packages fix a security vulnerability: Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. (CVE-2023-42465) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/ ======================== Updated packages in core/updates_testing: ======================== sudo-1.9.15p5-1.mga9 sudo-devel-1.9.15p5-1.mga9 from SRPM: sudo-1.9.15p5-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDVersion: Cauldron => 9Assignee: bugsquad => qa-bugs
URL: (none) => https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/CC: (none) => marja11
URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/ => (none)
Source RPM: sudo-1.9.13p2-2.mga9.src.rpm => sudo-1.9.13p2-2.mga9
Keywords: (none) => advisory
mga9-64 OK by casual use
CC: (none) => fri
Mageia9, x86_64 +1 Setting OK for 64-bits.
CC: (none) => tarazed25Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2024-0044.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED