{"id":"USN-6005-2","summary":"sudo vulnerabilities","details":"USN-6005-1 fixed vulnerabilities in Sudo. This update\nprovides the corresponding updates for Ubuntu 16.04 LTS.\n\nOriginal advisory details:\n\n Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly\n escaped control characters in log messages and sudoreplay output. An\n attacker could possibly use these issues to inject terminal control\n characters that alter output when being viewed.\n","modified":"2026-04-27T16:37:47.527599Z","published":"2023-05-29T11:02:51Z","related":["UBUNTU-CVE-2023-28486","UBUNTU-CVE-2023-28487"],"upstream":["CVE-2023-28486","CVE-2023-28487","UBUNTU-CVE-2023-28486","UBUNTU-CVE-2023-28487"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6005-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-28486"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-28487"}],"affected":[{"package":{"name":"sudo","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/sudo@1.8.16-0ubuntu1.10+esm2?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.16-0ubuntu1.10+esm2"}]}],"versions":["1.8.12-1ubuntu3","1.8.16-0ubuntu1","1.8.16-0ubuntu1.1","1.8.16-0ubuntu1.2","1.8.16-0ubuntu1.3","1.8.16-0ubuntu1.4","1.8.16-0ubuntu1.5","1.8.16-0ubuntu1.6","1.8.16-0ubuntu1.7","1.8.16-0ubuntu1.8","1.8.16-0ubuntu1.9","1.8.16-0ubuntu1.10","1.8.16-0ubuntu1.10+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"sudo","binary_version":"1.8.16-0ubuntu1.10+esm2"},{"binary_name":"sudo-ldap","binary_version":"1.8.16-0ubuntu1.10+esm2"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6005-2.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-28486"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-28487"}]}}}],"schema_version":"1.7.5"}