Sudo update for Gentoo

Gentoo Linux Security Advisory GLSA 202507-01: High Severity Sudo Privilege Escalation Vulnerability

On July 1, 2025, a high-severity security update was announced for Gentoo Linux regarding the `sudo` application, which is crucial for allowing users to execute commands with elevated privileges. This advisory highlights multiple vulnerabilities within `sudo`, the most critical of which could enable unauthorized users to escalate their privileges to root level.

Affected Versions:
- The vulnerable package is identified as `app-admin/sudo` versions lower than 1.9.17_p1.
- The unaffected versions are 1.9.17_p1 and above.

Vulnerability Details:
The vulnerabilities arise from specific arguments being passed to the `--chroot` option in `sudo`, which can lead to privilege escalation. Users are encouraged to consult related CVE identifiers (CVE-2025-32462 and CVE-2025-32463) for comprehensive details on the vulnerabilities.

Resolution Steps:
To mitigate these vulnerabilities, all users of `sudo` are advised to upgrade to the latest version. The upgrade can be performed with the following commands:
```bash
emerge --sync
emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.17_p1"
```


No Workaround Available:
Currently, there are no known workarounds for the vulnerabilities, underscoring the importance of timely upgrades.
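
To find hosts that still need the upgrade, the version threshold from the Affected Versions list can be checked with a small script. This is an added example, not part of the advisory; the function names are hypothetical and the sample versions are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a sudo version string against
# the GLSA 202507-01 threshold. Handles Gentoo ("1.9.16_p2-r1") and upstream
# ("1.9.16p2") forms; pre-release suffixes such as _rc are reported as unparsable.

FIXED="1.9.17_p1"   # first unaffected version, taken from the advisory

# Print "major minor micro patch" for a version string; return 2 if unparsable.
ver_tuple() {
    v=${1%-r[0-9]*}                       # drop Gentoo revision (-rN)
    case $v in
        *_p[0-9]*)     base=${v%_p*}; patch=${v##*_p} ;;
        *[0-9]p[0-9]*) base=${v%p*};  patch=${v##*p}  ;;
        *)             base=$v;       patch=0         ;;
    esac
    case $base  in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    case $patch in ''|*[!0-9]*)             return 2 ;; esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    [ "$#" -le 3 ] || return 2            # more than three dotted parts: not handled
    echo "${1:-0} ${2:-0} ${3:-0} $patch"
}

# Exit status: 0 = affected (< FIXED), 1 = not affected, 2 = unparsable.
sudo_is_affected() {
    have=$(ver_tuple "$1") || return 2
    want=$(ver_tuple "$FIXED") || return 2
    set -- $have $want                    # $1..$4 = installed, $5..$8 = fixed
    [ "$1" -ne "$5" ] && { [ "$1" -lt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -lt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -lt "$7" ]; return; }
    [ "$4" -lt "$8" ]
}

# Constructed sample versions; on a real host pass the installed version instead,
# e.g. the first line of `sudo -V` with the "Sudo version " prefix removed.
for v in 1.9.15_p5 1.9.16_p2-r1 1.9.17 1.9.17p1 1.9.17_p1 1.9.18 1.10.0 1.9.17_rc2; do
    rc=0; sudo_is_affected "$v" || rc=$?
    case $rc in
        0) echo "$v: AFFECTED, upgrade to >= $FIXED" ;;
        1) echo "$v: not affected" ;;
        *) echo "$v: could not parse, check manually" ;;
    esac
done
```

A version the script cannot parse is reported separately rather than treated as safe, so it is not silently skipped in a fleet sweep.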

Additional Information:
For ongoing updates and further details regarding this advisory, Gentoo users can refer to the Gentoo Security Website. Concerns regarding security can be directed to security@gentoo.org or reported through the Gentoo bug tracking system.

Conclusion:
The Gentoo Foundation emphasizes the importance of security and the protection of user systems. Users are strongly encouraged to act promptly to ensure their systems are safeguarded against potential exploits stemming from these vulnerabilities in `sudo`.

License Information:
This advisory is released under the Creative Commons - Attribution / Share Alike license, and all relevant content is owned by its respective entities.

For further reading, users can access the links for the CVEs and the complete advisory on the Gentoo Security page.

A security update has been released for Gentoo Linux:

[ GLSA 202507-01 ] sudo: Privilege escalation
