[CLSA-2025:1761325294] Fix CVE(s): CVE-2021-23240, CVE-2023-42465, CVE-2025-32462
Type:
security
Severity:
Important
Release date:
2025-10-24 17:01:38 UTC
Description:
* SECURITY UPDATE: privilege escalation via symlinks
  - debian/patches/CVE-2021-23240.patch: fix opportunity for local unprivileged user to gain file ownership via symlinks.
* SECURITY UPDATE: unauthorized command execution on unintended hosts
  - debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges
  - CVE-2025-32462
* SECURITY UPDATE: row hammer attack
  - debian/patches/CVE-2023-42465.patch: make return values resistant to single-bit flips
  - CVE-2023-42465
Updated packages:
  • sudo_1.8.27-1+deb10u6+tuxcare.els1_amd64.deb
    sha:ca25ece51abdcfd50763004df146b24b28ecf303
  • sudo-ldap_1.8.27-1+deb10u6+tuxcare.els1_amd64.deb
    sha:1f5aea49b4a70b516390debe596e7ba4f1153682
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.