Amazon Linux 1 Security Advisory: ALAS-2024-1917
Advisory Release Date: 2024-02-01 19:33 Pacific
Advisory Updated Date: 2024-02-01 19:33 Pacific
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. (CVE-2023-42465)
Affected Packages:
sudo
Issue Correction:
Run yum update sudo to update your system.
i686:
sudo-debuginfo-1.8.23-10.58.amzn1.i686
sudo-devel-1.8.23-10.58.amzn1.i686
sudo-1.8.23-10.58.amzn1.i686
src:
sudo-1.8.23-10.58.amzn1.src
x86_64:
sudo-1.8.23-10.58.amzn1.x86_64
sudo-debuginfo-1.8.23-10.58.amzn1.x86_64
sudo-devel-1.8.23-10.58.amzn1.x86_64