sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux, and possibly other Linux implementations, preserves the value of the INPUTRC environment variable, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with the elevated privileges provided by sudo.
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | sudo | < 1.9.13p3-1+deb12u1 | sudo_1.9.13p3-1+deb12u1_all.deb |
Debian | 11 | all | sudo | < 1.9.5p2-3+deb11u1 | sudo_1.9.5p2-3+deb11u1_all.deb |
Debian | 10 | all | sudo | < 1.8.27-1+deb10u3 | sudo_1.8.27-1+deb10u3_all.deb |
Debian | 999 | all | sudo | < 1.9.15p5-3 | sudo_1.9.15p5-3_all.deb |
Debian | 13 | all | sudo | < 1.9.15p5-3 | sudo_1.9.15p5-3_all.deb |
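
Whether INPUTRC survives a sudo invocation is governed by the `env_reset` and `env_keep` sudoers options, so a host can be checked directly. The following audit helper is an added example, not part of the advisory or of sudo itself; the function name, the sample fragments and the `env_keep -=` mitigation shown are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# One sudoers setting: optional "!", a name, then optional operator and value.
SETTING = re.compile(r'(!?)(\w+)(?:\s*(\+=|-=|=)\s*(?:"([^"]*)"|([^\s,]+)))?')

def preserved_by_sudoers(text, var="INPUTRC"):
    """Return True if the Defaults lines in `text` let `var` survive sudo.

    Assumptions of this example: every Defaults line is treated as global,
    included files are not followed, and sudo's compiled-in env_keep list
    is taken not to contain `var`.
    """
    env_reset, keep = True, set()
    for line in text.replace("\\\n", " ").splitlines():
        m = re.match(r"\s*Defaults\S*\s+(.*)", line)
        if not m:
            continue  # comments, aliases and user specifications
        for neg, name, op, quoted, bare in SETTING.findall(m.group(1)):
            values = set((quoted or bare).split())
            if name == "env_reset":
                env_reset = not neg
            elif name == "env_keep" and neg:
                keep = set()
            elif name == "env_keep" and op == "=":
                keep = values
            elif name == "env_keep" and op == "+=":
                keep |= values
            elif name == "env_keep" and op == "-=":
                keep -= values
    # With env_reset disabled the caller's environment is passed through
    # largely intact; otherwise only env_keep entries (which may use "*") survive.
    return not env_reset or any(fnmatchcase(var, p) for p in keep)

# Constructed sudoers fragments for illustration, not taken from a real host.
WEAK = '''
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 LANG"
'''
HARDENED = WEAK + 'Defaults    env_keep -= "INPUTRC"\n'

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "preserves INPUTRC:", preserved_by_sudoers(cfg))
```

On a real host, feed it the contents of the sudoers file and each file under its include directory in the order sudo reads them, since a later `env_keep` line can re-add the variable.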