Vulnerability in sudo that allows changing any file on the system

A vulnerability (CVE-2023-22809) has been identified in the sudo package, which is used to run commands on behalf of other users. It allows a local user to edit any file on the system, which in turn allows them to gain root privileges by modifying /etc/shadow or system scripts. Exploiting the vulnerability requires that the user be granted, in the sudoers file, the right to run the sudoedit utility or "sudo" with the "-e" flag.

The vulnerability is caused by the lack of proper handling of the "--" characters when parsing the environment variables that define the program called to edit a file. In sudo, the "--" sequence is used to separate the editor and its arguments from the list of files being edited. An attacker can append the sequence "-- file" after the editor path in the SUDO_EDITOR, VISUAL, or EDITOR environment variables, which starts editing of the specified file with elevated privileges without checking the user's file access rules.
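The separator confusion described above, as an added example that is not sudo's source code and not part of the original article: a simplified model of an argument list built from the editor variable, with an unpatched mode beside a hardened mode that refuses an editor value containing its own "--" token. The function names, the MAX_ARGS limit and the /constructed/... paths are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 32

/* Simplified model, not sudo's source: split the editor value on blanks, then
 * append "--" and the one file the policy authorised. With `hardened` set, an
 * editor value that carries its own "--" token is refused (returns -1). */
static int build_argv(char *editor, const char *allowed, int hardened,
                      const char **argv)
{
    int argc = 0;
    for (char *t = strtok(editor, " \t"); t; t = strtok(NULL, " \t")) {
        if (hardened && strcmp(t, "--") == 0)
            return -1;
        if (argc == MAX_ARGS - 3)   /* keep room for "--", the file, NULL */
            return -1;
        argv[argc++] = t;
    }
    argv[argc++] = "--";
    argv[argc++] = allowed;
    argv[argc] = NULL;
    return argc;
}

/* Returns how many arguments follow the FIRST "--" (the consumer treats all of
 * them as files to open with privilege), or -1 if the editor value is refused.
 * The first such argument is copied into first[64]. */
int edited_files(const char *editor_value, int hardened, char *first)
{
    char buf[256];
    const char *argv[MAX_ARGS];
    int n = 0, seen = 0;
    snprintf(buf, sizeof buf, "%s", editor_value);
    if (build_argv(buf, "/constructed/allowed.conf", hardened, argv) < 0)
        return -1;
    for (const char **ap = argv; *ap != NULL; ap++) {
        if (seen) { if (n++ == 0) snprintf(first, 64, "%s", *ap); }
        else if (strcmp(*ap, "--") == 0) seen = 1;
    }
    return n;
}

int main(void)
{
    char first[64] = "";
    const char *v = "vi -- /constructed/not-authorised";  /* constructed value */
    printf("unpatched: %d files, first=%s\n", edited_files(v, 0, first), first);
    printf("hardened:  %d\n", edited_files(v, 1, first));
}
```

In the unpatched mode the authorised file is no longer the first entry of the file list, because the separator taken from the environment variable is found before the one appended by the program.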

The vulnerability has been present since the 1.8.0 branch and was fixed in the corrective update sudo 1.9.12p2. The publication of package updates in distributions can be tracked on the pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch, FreeBSD, NetBSD. As a workaround, you can disable processing of the SUDO_EDITOR, VISUAL and EDITOR environment variables by specifying in sudoers:

    Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"

Source: opennet.ru
