Control: tag -1 pending confirmed
Hi Salvatore,
sorry for taking so long to reply.
On the sudo-team side for unstable, this is now
https://salsa.debian.org/sudo-team/sudo/-/commit/25f723d596d96d266156ade0bbf607edac12414d
Do you want me to upload right away or do we want to do a coordinated
release? Does this warrant a DSA?
Greetings
Marc
On Fri, Mar 13, 2026 at 01:47:17PM +0100, Salvatore Bonaccorso wrote:
As explained in
https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt a
fail-open situation in sudo was possible to be exploited for an LPE,
when the setuid capability was denied for sudo via a loaded new
AppArmor profile, preventing sudo from dropping its root privileges
before executing /usr/sbin/sendmail.
As this uncovered this bug in sudo as well, filing this bug for
tracking the issue.
Upstream fix:
https://github.com/sudo-project/sudo/commit/3e474c2
Regards,
Salvatore
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421