
A sudo security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a flaw where a local user can edit a file not permitted by the security policy, resulting in privilege escalation.



ELA-772-1 sudo security update

Package : sudo
Version : 1.8.10p3-1+deb8u9 (jessie), 1.8.19p1-2.1+deb9u5 (stretch)

Related CVEs :
CVE-2023-22809

Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage of this flaw to edit a file not permitted by the security policy, resulting in privilege escalation.
