Vulnerability in sudo that allows modifying any file on the system

A vulnerability (CVE-2023-22809) has been identified in the sudo package, which is used to run commands on behalf of other users. It allows a local user to edit any file on the system, which makes it possible to gain root privileges by modifying /etc/shadow or system scripts. Exploiting the vulnerability requires that the user be granted, in the sudoers file, the right to run the sudoedit utility or "sudo" with the "-e" flag.

The vulnerability is caused by improper handling of the "--" characters when parsing the environment variables that define the program invoked to edit a file. In sudo, the "--" sequence is used to separate the editor and its arguments from the list of files being edited. An attacker can append the sequence "-- file" after the editor path in the SUDO_EDITOR, VISUAL or EDITOR environment variable, which starts editing of the specified file with elevated privileges without checking the user's file access rules.
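The separator handling described above, as an added example that is not sudo's own code or part of the original article: a simplified Python model of how an argument vector of the form "editor, --, files" is split, next to the check that rejects an editor value carrying its own "--". The function names, the use of shlex for tokenizing and the sample paths are assumptions made for illustration.

```python
import shlex

EDITOR_VARS = ("SUDO_EDITOR", "VISUAL", "EDITOR")  # variables named in the article


def build_argv(editor_value, policy_files):
    """Simplified model: editor tokens, then "--", then the files the policy allowed."""
    return shlex.split(editor_value) + ["--"] + list(policy_files)


def files_after_separator(argv):
    """Flawed assumption: everything after the FIRST "--" is a file to edit."""
    return argv[argv.index("--") + 1:]


def editor_is_safe(editor_value):
    """The missing check: an editor value must not contain a "--" token."""
    return "--" not in shlex.split(editor_value)


def hardened_files(editor_value, policy_files):
    """Refuse a crafted editor value instead of letting it extend the file list."""
    if not editor_is_safe(editor_value):
        raise ValueError("editor value contains a '--' argument")
    return files_after_separator(build_argv(editor_value, policy_files))


def audit_env(env):
    """Return the names of editor variables whose value fails the check."""
    return [v for v in EDITOR_VARS if v in env and not editor_is_safe(env[v])]


# Constructed sample data (hypothetical paths, not taken from the article).
POLICY_FILES = ["/etc/custom/service.conf"]
BENIGN = "vim -n"
CRAFTED = "vim -- /tmp/constructed-unlisted-file"

if __name__ == "__main__":
    print(files_after_separator(build_argv(BENIGN, POLICY_FILES)))
    print(files_after_separator(build_argv(CRAFTED, POLICY_FILES)))
    print(audit_env({"EDITOR": CRAFTED, "VISUAL": BENIGN}))
```

Calling audit_env(dict(os.environ)) in a login or session hook is one way to flag accounts whose editor variables would be rejected by the fixed release.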

The vulnerability has been present since the 1.8.0 branch and was fixed in the corrective update sudo 1.9.12p2. The publication of package updates in distributions can be tracked on the pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch, FreeBSD, NetBSD. As a workaround, processing of the SUDO_EDITOR, VISUAL and EDITOR environment variables can be disabled by specifying in sudoers:

Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"

Source: opennet.ru
