Description
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | =1.9.10-1 || =1.9.10-2 || =1.9.10-3 || =1.9.11p3-1 || =1.9.11p3-2 || =1.9.12p1-1 || =1.9.12p2-1 || =1.9.13p1-1 || =1.9.13p3-1 || =1.9.13p3-2 || =1.9.13p3-3 || =1.9.14p2-1 || =1.9.15p2-1 || =1.9.15p2-2 || =1.9.15p3-1 || =1.9.15p4-1 || =1.9.15p4-2 || =1.9.15p5-1 || =1.9.15p5-2 || =1.9.15p5-3 || =1.9.15p5-3+hurd.1 || =1.9.16-1 || =1.9.16-2 || =1.9.16p1-1 || =1.9.16p2-1 || =1.9.16p2-2 || =1.9.16p2-3 || =1.9.17p1-1 || =1.9.17p2-1 || =1.9.17p2-1exp1 || =1.9.17p2-2 || =1.9.17p2-3 || =1.9.17p2-4 || =1.9.17p2-5 || =1.9.5p2-3 || =1.9.5p2-3+deb11u1 || =1.9.5p2-3+deb11u2 || =1.9.5p2-3+deb11u3 || =1.9.5p2-3+exp1 || =1.9.6-1~exp1 || =1.9.6-1~exp2 || =1.9.8p2-1 || =1.9.8p2-1~exp1 || =1.9.9-1 | - |
debian 12 | | =1.9.13p3-1 || =1.9.13p3-1+deb12u1 || =1.9.13p3-1+deb12u2 || =1.9.13p3-1+deb12u3 || =1.9.13p3-2 || =1.9.13p3-3 || =1.9.14p2-1 || =1.9.15p2-1 || =1.9.15p2-2 || =1.9.15p3-1 || =1.9.15p4-1 || =1.9.15p4-2 || =1.9.15p5-1 || =1.9.15p5-2 || =1.9.15p5-3 || =1.9.15p5-3+hurd.1 || =1.9.16-1 || =1.9.16-2 || =1.9.16p1-1 || =1.9.16p2-1 || =1.9.16p2-2 || =1.9.16p2-3 || =1.9.17p1-1 || =1.9.17p2-1 || =1.9.17p2-1exp1 || =1.9.17p2-2 || =1.9.17p2-3 || =1.9.17p2-4 || =1.9.17p2-5 | - |
debian 13 | | | 1.9.15p2-2 |
debian 14 | | | 1.9.15p2-2 |
 rpm rhel8.6 | | | 0:1.9.5p2-1.el8_6 |
rpm rhel6 | | - | - |
rpm rhel7 | | - | - |
rpm rhel8 | | | 0:1.9.5p2-1.el8_9 |
rpm rhel8.8 | | | 0:1.9.5p2-1.el8_8 |
rpm rhel9 | | | 0:1.9.5p2-10.el9_3 |
