Log injection In sudo
Description
Sudo before 1.9.13 does not escape control characters in log messages.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 11 | 1.9.5p2-3+deb11u3 | ||
debian 12 | 1.9.13p1-1 | ||
debian 13 | 1.9.13p1-1 | ||
debian 14 | 1.9.13p1-1 | ||
 rpm rhel8 | 0:1.9.5p2-1.el8_9 | ||
rpm rhel9.0 | 0:1.9.5p2-7.el9_0.4 | ||
rpm rhel9.2 | 0:1.9.5p2-9.el9_2.2 | ||
rpm rhel6 | - | - | |
rpm rhel7 | - | - | |
rpm rhel8.6 | 0:1.9.5p2-1.el8_6 |
1-10 of 12
10
Aliases
1. 2. 3. 4. 5.