Medium
Canonical Ubuntu
It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges.

Update Instructions: Run `sudo pro fix USN-5908-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

sudo-ldap – 1.9.9-1ubuntu2.3
sudo – 1.9.9-1ubuntu2.3

No subscription required
CVEs contained in this USN include: CVE-2023-27320.
Severity is medium unless otherwise noted.
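An added exposure check for the two conditions this notice names, not part of the original advisory or of Canonical's tooling: an installed sudo package older than the fixed version listed above, and sudoers lines that carry a chroot setting. The function names are hypothetical, and the `runchroot` Defaults match and the `/etc/sudoers` paths are assumptions about a stock Ubuntu layout.

```shell
#!/usr/bin/env bash
# Added example: exposure check for USN-5908-1 (CVE-2023-27320).
# Function names are hypothetical; run as root so the sudoers files are readable.

FIXED="1.9.9-1ubuntu2.3"   # fixed sudo / sudo-ldap version listed in this notice

# Print "file:line:text" for each sudoers line that sets a per-command chroot:
# a CHROOT= option on a rule, or (assumption) the runchroot Defaults setting.
# Text after '#' is treated as a comment and ignored.
find_chroot_rules() {
    local path
    for path in "$@"; do
        [ -f "$path" ] || continue
        grep -HnE '^[^#]*(CHROOT=|runchroot)' "$path" || true
    done
}

# Succeeds when version $1 sorts before the fixed version (Debian ordering).
is_older_than_fixed() {
    dpkg --compare-versions "$1" lt "$FIXED"
}

# Returns 1 when an installed package is older than the fixed version.
# Chroot lines are listed because the notice ties the issue to such rules.
check_host() {
    local pkg ver rules status=0
    for pkg in sudo sudo-ldap; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        [ -n "$ver" ] || continue
        if is_older_than_fixed "$ver"; then
            echo "UPDATE NEEDED: $pkg $ver is older than $FIXED"
            status=1
        fi
    done
    rules=$(find_chroot_rules /etc/sudoers /etc/sudoers.d/*)
    if [ -n "$rules" ]; then
        echo "sudoers lines with a chroot setting:"
        echo "$rules"
    fi
    return "$status"
}

# Run the host check only when asked, e.g. ./check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Rules served from LDAP by sudo-ldap are not covered by the file scan and need a separate review.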
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2023-03-23: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cflinuxfs4 | lt | 0.70.0 |
| | jammy stemcells | lt | 1.93 |
| | cf deployment | lt | 1.93 |