Release | Version |
---|---|
jessie | 1.8.10p3-1+deb8u9 |
stretch | 1.8.19p1-2.1+deb9u6 |
stretch (security) | 1.8.19p1-2.1+deb9u3 |
buster | 1.8.27-1+deb10u6 |
bullseye | 1.9.5p2-3+deb11u1 |
bookworm | 1.9.13p3-1+deb12u1 |
trixie | 1.9.16p1-1 |
sid | 1.9.16p1-1 |

Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2023-42465 | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Sudo before 1.9.15 might allow row hammer attacks (for authentication ... |
CVE-2023-28487 | vulnerable (no DSA) | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Sudo before 1.9.13 does not escape control characters in sudoreplay ou ... |
CVE-2023-28486 | vulnerable (no DSA) | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Sudo before 1.9.13 does not escape control characters in log messages. |
CVE-2021-23239 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ... |
CVE-2016-7076 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noe ... |
CVE-2016-7032 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users ... |
CVE-2015-8239 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 all ... |

Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2022-43995 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains ... |
CVE-2021-23240 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ... |
CVE-2019-19234 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., b ... |
CVE-2019-19232 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer ... |
CVE-2005-1119 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ... |

Bug | Description |
---|---|
CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot featu ... |
CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ... |
CVE-2023-7090 | A flaw was found in sudo in the handling of ipa_hostname, where ipa_ho ... |
CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a ... |
CVE-2019-18634 | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users ... |
CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer a ... |
CVE-2017-1000368 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an in ... |
CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ... |
CVE-2016-7091 | sudo: It was discovered that the default sudo configuration on Red Hat ... |
CVE-2015-5602 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges v ... |
CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is ... |
CVE-2014-0106 | Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ... |
CVE-2013-2777 | sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets op ... |
CVE-2013-2776 | sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ... |
CVE-2013-1776 | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_ticket ... |
CVE-2013-1775 | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows loca ... |
CVE-2012-3440 | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ... |
CVE-2012-2337 | sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ... |
CVE-2012-0809 | Format string vulnerability in the sudo_debug function in Sudo 1.8.0 t ... |
CVE-2011-0010 | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured ... |
CVE-2011-0008 | A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fe ... |
CVE-2010-2956 | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ... |
CVE-2010-1646 | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1. ... |
CVE-2010-1163 | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ... |
CVE-2010-0427 | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, doe ... |
CVE-2010-0426 | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-com ... |
CVE-2009-0034 | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ... |
CVE-2008-3067 | sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when passwo ... |
CVE-2007-3149 | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ... |
CVE-2006-0151 | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environ ... |
CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ... |
CVE-2005-4158 | Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ... |
CVE-2005-2959 | Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows lo ... |
CVE-2005-1993 | Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-comman ... |
CVE-2005-1831 | Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions ... |
CVE-2004-1689 | sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ... |
CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands b ... |

DSA / DLA | Description |
---|---|
DLA-3732-1 | sudo - security update |
ELA-1042-1 | sudo - security update |
DSA-5321-1 | sudo - security update |
DLA-3272-1 | sudo - security update |
ELA-772-1 | sudo - security update |
ELA-728-1 | sudo - security update |
DLA-3181-1 | sudo - security update |
ELA-351-1 | sudo - security update |
DSA-4839-1 | sudo - security update |
DLA-2534-1 | sudo - security update |
ELA-213-1 | sudo - security update |
DSA-4614-1 | sudo - security update |
DLA-2094-1 | sudo - security update |
DLA-1964-1 | sudo - security update |
ELA-178-1 | sudo - security update |
DSA-4543-1 | sudo - security update |
DLA-1011-1 | sudo - security update |
DSA-3867-1 | sudo - security update |
DLA-970-1 | sudo - security update |
DLA-707-1 | sudo - security update |
DSA-3440-1 | sudo - security update |
DLA-382-1 | sudo - security update |
DLA-160-1 | sudo - security update |
DSA-3167-1 | sudo - security update |
DSA-2642-1 | sudo - several issues |
DSA-2478-1 | sudo - parsing error |
DSA-2062-1 | sudo - environment sanitization bypass |
DSA-2006-1 | sudo - several vulnerabilities |
DSA-946-2 | sudo - missing input sanitising |
DSA-870-1 | sudo - missing input sanitising |
DSA-735-2 | sudo - pathname validation race |
DSA-735-1 | sudo - pathname validation race |
DSA-596-2 | sudo - missing input sanitising |