- 58/2023
- Critical
Linux has released security updates to fix vulnerabilities in Linux Kernel and Sudo utility before 1.9.13p2.
The addressed vulnerabilities could allow the attacker to execute arbitrary code or cause a denial of service attack on the affected system.
Sample of the addressed vulnerabilities:
1. Sudo Code Execution Vulnerability (CVE-2023-27320):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
2. Linux Kernel Denial of Service Vulnerability (CVE-2023-1075):
• CVSS: 6.2
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Denial of Service
Vulnerabilities
- CVE-2023-27320
- CVE-2023-1079
- CVE-2023-1077
- CVE-2023-1076
- CVE-2023-1075
Mitigations
The enterprise should deploy the patches as soon as the testing phase is completed, and should check with its vendors for updates if any. Below is a sample of the distributors’ fixes:
• Sudo Releases
• SUSE
• Ubuntu
• Redhat
References
• Sudo Releases
• SUSE
• Ubuntu
• Redhat