Information on source package sudo

Available versions

| Release | Version |
|---|---|
| wheezy | 1.8.5p2-1+nmu3+deb7u1 |
| wheezy (security) | 1.8.5p2-1+nmu3+deb7u4 |
| jessie (security) | 1.8.10p3-1+deb8u4 |
| stretch | 1.8.19p1-2.1 |
| buster | 1.8.21p2-2 |
| sid | 1.8.21p2-2 |

Open issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-1000368 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ... |
| CVE-2016-7076 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | noexec bypass via wordexp() |
| CVE-2016-7032 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users ... |
| CVE-2015-8239 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 ... |

Open unimportant issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1119 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an ... |
| CVE-2016-7091 | sudo: It was discovered that the default sudo configuration on Red Hat ... |
| CVE-2015-5602 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges ... |
| CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is ... |
| CVE-2014-0106 | Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ... |
| CVE-2013-2777 | sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets ... |
| CVE-2013-2776 | sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ... |
| CVE-2013-1776 | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ... |
| CVE-2013-1775 | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows ... |
| CVE-2012-3440 | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ... |
| CVE-2012-2337 | sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does ... |
| CVE-2012-0809 | Format string vulnerability in the sudo_debug function in Sudo 1.8.0 ... |
| CVE-2011-0010 | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ... |
| CVE-2011-0008 | A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on ... |
| CVE-2010-2956 | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ... |
| CVE-2010-1646 | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ... |
| CVE-2010-1163 | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ... |
| CVE-2010-0427 | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, ... |
| CVE-2010-0426 | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ... |
| CVE-2009-0034 | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ... |
| CVE-2008-3067 | sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ... |
| CVE-2007-3149 | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ... |
| CVE-2006-0151 | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ... |
| CVE-2005-4890 | login: tty hijacking possible in "su" via TIOCSTI ioctl |
| CVE-2005-4158 | Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ... |
| CVE-2005-2959 | Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ... |
| CVE-2005-1993 | Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ... |
| CVE-2005-1831 | ** DISPUTED ** ... |
| CVE-2004-1689 | sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ... |
| CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-1011-1 | sudo - security update |
| DSA-3867-1 | sudo - security update |
| DLA-970-1 | sudo - security update |
| DLA-707-1 | sudo - security update |
| DSA-3440-1 | sudo - security update |
| DLA-382-1 | sudo - security update |
| DLA-160-1 | sudo - security update |
| DSA-3167-1 | sudo - security update |
| DSA-2642-1 | sudo - several issues |
| DSA-2478-1 | sudo - parsing error |
| DSA-2062-1 | sudo - environment sanitization bypass |
| DSA-2006-1 | sudo - several vulnerabilities |
| DSA-946-2 | sudo - missing input sanitising |
| DSA-870-1 | sudo - missing input sanitising |
| DSA-735-2 | sudo - pathname validation race |
| DSA-735-1 | sudo - pathname validation race |
| DSA-596-2 | sudo - missing input sanitising |
