摘要:
sudo security update
安全等级: Critical
公告ID: KylinSec-SA-2025-2695
发布日期: 2025年8月9日
关联CVE: CVE-2025-32462 CVE-2025-32463
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
Security Fix(es):
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.(CVE-2025-32462)
A vulnerability has been found in Todd Miller sudo 1.9.14/1.9.15/1.9.16/1.9.17 (Operating System Utility Software) and classified as critical.The manipulation of the argument -R/--chroot with an unknown input leads to a unknown weakness. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.As an impact it is known to affect confidentiality, integrity, and availability.Applying the patch 1.9.17p1 is able to eliminate this problem.(CVE-2025-32463)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-32462 | V6 | sudo | Fixed |
| CVE-2025-32463 | V6 | sudo | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| sudo-help | noarch | 1.9.15p5-4.ks6.kb1 |
| sudo | x86_64 | 1.9.15p5-4.ks6.kb1 |
| sudo-devel | x86_64 | 1.9.15p5-4.ks6.kb1 |
| sudo | aarch64 | 1.9.15p5-4.ks6.kb1 |
| sudo-devel | aarch64 | 1.9.15p5-4.ks6.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
