Sudo security update for Debian ELTS

A security update for the Sudo package has been released for Debian GNU/Linux versions 8 (Jessie), 9 (Stretch), and 10 (Buster) under the Extended Long Term Support (ELTS) program. The update is identified as ELA-1476-1 and addresses a critical vulnerability related to the handling of the host option in Sudo.

The affected Sudo package versions include:
- Jessie: 1.8.10p3-1+deb8u10
- Stretch: 1.8.19p1-2.1+deb9u7
- Buster: 1.8.27-1+deb10u7

This vulnerability, associated with CVE-2025-32462, was discovered by Rich Mirch. The issue arises from the improper handling of the host option (-h or --host) in Sudo, which should only be used to list privileges. However, due to a bug, it can be exploited when executing commands or editing files with sudoedit. Depending on the configuration in the sudoers file, this flaw could lead to local privilege escalation, allowing unauthorized users to gain elevated privileges on the system.

To mitigate this vulnerability, system administrators are strongly urged to update the Sudo package to the latest version available for their respective Debian distributions. Regular security updates are essential to maintain system integrity and protect against potential exploits.

In addition to this specific vulnerability, it is important for users and administrators to stay informed about security best practices, including regularly checking for updates, auditing sudoers configurations, and applying other relevant security configurations to further protect their systems from unauthorized access and privilege escalation attacks.
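One way to carry out the sudoers audit mentioned above, as an added example that is not part of the original advisory or of the Sudo project. It assumes, following the upstream Sudo advisory, that the rules worth reviewing are those whose host field is neither `ALL` nor the local hostname; the function names and sample file are constructed for illustration.

```python
import re

# Constructed sample: one sudoers file distributed to several machines.
SAMPLE = r"""
Defaults env_reset
Host_Alias WEB = web1, web2
Host_Alias ANY = ALL
root    ALL=(ALL:ALL) ALL
alice   WEB = (root) /usr/bin/systemctl restart nginx
bob     db1, \
        db2 = /usr/bin/pg_dump
%admin  ANY = ALL
# carol  build1 = ALL
@includedir /etc/sudoers.d
"""
NOT_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Cmnd_Alias", "@include")

def logical_lines(text):
    """Join backslash continuations; drop blanks, comments, non-rule lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        # '#1000' is a uid, not a comment; '#include' is skipped like a comment.
        comment = line.startswith("#") and not re.match(r"#\d", line)
        if line and not comment and not line.startswith(NOT_RULES):
            yield line

def rules_for_other_hosts(text, this_host):
    """Return (user, hosts) for rules naming neither ALL nor this_host."""
    aliases, rules = {}, []
    for line in logical_lines(text):
        left, sep, right = line.partition("=")
        fields = re.sub(r"\s*,\s*", ",", left).split()
        if sep and len(fields) == 2 and fields[0] == "Host_Alias":
            aliases[fields[1]] = [h.strip() for h in right.split(",")]
        elif sep and len(fields) == 2:
            rules.append((fields[0], fields[1].split(",")))

    def expand(host, seen=()):  # resolve Host_Alias names, guarding against cycles
        name = host.lstrip("!")
        if name in aliases and name not in seen:
            return [h for m in aliases[name] for h in expand(m, seen + (name,))]
        return [host]

    findings = []
    for user, hosts in rules:
        flat = [h for entry in hosts for h in expand(entry)]
        # Exact-name match only; negated, wildcard, IP and netgroup entries get flagged.
        negated = any(h.startswith("!") for h in hosts + flat)
        if negated or not {"ALL", this_host} & set(flat):
            findings.append((user, flat))
    return findings
```

Calling `rules_for_other_hosts(SAMPLE, "web1")` reports bob's rule for `db1, db2`. The parser does not follow include directives or handle several host specifications joined by `:` on one line, so run it per file and review those cases by hand.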

Updated Sudo packages are available for Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:

ELA-1476-1 sudo security update

Sudo security update for Debian ELTS @ Linux Compatible