[SECURITY] [DLA 4472-1] sudo security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4472-1] sudo security update
From: rouca@debian.org
Date: Fri, 6 Feb 2026 22:28:14 +0100
Message-id: <[🔎] 7c69cb92781ebfb496fb6e5cc6497e6c@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4472-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
February 06, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sudo
Version        : 1.9.5p2-3+deb11u3
CVE ID         : CVE-2023-28486 CVE-2023-28487

Sudo, a program designed to allow a sysadmin to give limited
root privileges to users and log root activity, was 
affected by multiple vulnerabilities.

CVE-2023-28486

    Sudo did not escape control characters in log messages.

CVE-2023-28487

    Sudo did not escape control characters in sudoreplay output.

For Debian 11 bullseye, these problems have been fixed in version
1.9.5p2-3+deb11u3.

We recommend that you upgrade your sudo packages.

For the detailed security status of sudo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sudo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmmGXO4ACgkQADoaLapB
CF+NlhAAnHV0dUIJ0Udp3G7fy3UKDxf0oB7FIrsgi0fxHRPE0Upe3h+tJN4J+/j6
Yjf0QiGP+IgagLzdypQpaPeAWZTLYFp3Tsh4e6CwXw2pPpSabGG3hyjQw687yKUu
uM5H7go6tAChd4Zdzy7Uwq9Zi/dMUjE/H6o6VEYQxm4IoEXfRtjFd1q9OVs3GVes
AGiwHzxUr0k83DgEFmpVCpL+eGRm9q3F4TcvuKMYQYMcjOg1Zb2fgS6Py74pqPUD
ieh+KppBy36ffjtEJvsRO2mNWQUtPWtMpiDsCyxgwk3BMcwQpAqZfOLUC72wPV/i
TzAno/DZRuuiM0P5p2IBMlbPHo7sKyMejP1taOjTFERkm1RVdXluM6c2+mfuoyhM
rt6UgIZnp7GTbe8nMr/k9XbM2jqAbbc2+yk96D69ahalej85aZ2raEzx+BR9WDXu
UOUpc+NmONUcTjMglGiQS+HXzF7Xf1MZxsgzF63pr78DuIseL0eGTnag8RFPISTW
qq0bWJ7TLbl2DbS+AJkv2OaDLpzgSka6moGr+BRgBa+iK2m6mliMZg33EYzZ9uC8
l10PlV89fEu8cUaluZMsATRFYyTA0yeqHMGrgaIYF3qngmN39z7NaylnrugpU+UR
GfSGJDPPQ2i06MHVcOnwMIjO01Zq3yoZg64pd5PamuQiZ6W+e64=
=jGd+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4471-1] debian-security-support update
Next by Date: [SECURITY] [DLA 4473-1] zabbix security update
Previous by thread: [SECURITY] [DLA 4471-1] debian-security-support update
Next by thread: [SECURITY] [DLA 4473-1] zabbix security update
Index(es):
- Date
- Thread