{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"sudo security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for sudo is now available for openEuler-24.03-LTS-SP3",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity.  The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\n\nSecurity Fix(es):\n\nIn Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.(CVE-2026-35535)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for sudo is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"sudo",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2026-1908",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1908"
			},
			{
				"summary":"CVE-2026-35535",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-35535&packageName=sudo"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35535"
			},
			{
				"summary":"openEuler-SA-2026-1908 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1908.json"
			}
		],
		"title":"An update for sudo is now available for openEuler-24.03-LTS-SP3",
		"tracking":{
			"initial_release_date":"2026-04-17T21:04:17+08:00",
			"revision_history":[
				{
					"date":"2026-04-17T21:04:17+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-04-17T21:04:17+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-04-17T21:04:17+08:00",
			"id":"openEuler-SA-2026-1908",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"openEuler-24.03-LTS-SP3",
									"name":"openEuler-24.03-LTS-SP3"
								},
								"name":"openEuler-24.03-LTS-SP3",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-1.9.15p5-6.oe2403sp3.x86_64.rpm",
									"name":"sudo-1.9.15p5-6.oe2403sp3.x86_64.rpm"
								},
								"name":"sudo-1.9.15p5-6.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64.rpm",
									"name":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64.rpm"
								},
								"name":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64.rpm",
									"name":"sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64.rpm"
								},
								"name":"sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-devel-1.9.15p5-6.oe2403sp3.x86_64.rpm",
									"name":"sudo-devel-1.9.15p5-6.oe2403sp3.x86_64.rpm"
								},
								"name":"sudo-devel-1.9.15p5-6.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-help-1.9.15p5-6.oe2403sp3.noarch.rpm",
									"name":"sudo-help-1.9.15p5-6.oe2403sp3.noarch.rpm"
								},
								"name":"sudo-help-1.9.15p5-6.oe2403sp3.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-1.9.15p5-6.oe2403sp3.aarch64.rpm",
									"name":"sudo-1.9.15p5-6.oe2403sp3.aarch64.rpm"
								},
								"name":"sudo-1.9.15p5-6.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64.rpm",
									"name":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64.rpm"
								},
								"name":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64.rpm",
									"name":"sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64.rpm"
								},
								"name":"sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-devel-1.9.15p5-6.oe2403sp3.aarch64.rpm",
									"name":"sudo-devel-1.9.15p5-6.oe2403sp3.aarch64.rpm"
								},
								"name":"sudo-devel-1.9.15p5-6.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"sudo-1.9.15p5-6.oe2403sp3.src.rpm",
									"name":"sudo-1.9.15p5-6.oe2403sp3.src.rpm"
								},
								"name":"sudo-1.9.15p5-6.oe2403sp3.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-1.9.15p5-6.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-1.9.15p5-6.oe2403sp3.x86_64",
					"name":"sudo-1.9.15p5-6.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64",
					"name":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64",
					"name":"sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-devel-1.9.15p5-6.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-devel-1.9.15p5-6.oe2403sp3.x86_64",
					"name":"sudo-devel-1.9.15p5-6.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-help-1.9.15p5-6.oe2403sp3.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-help-1.9.15p5-6.oe2403sp3.noarch",
					"name":"sudo-help-1.9.15p5-6.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-1.9.15p5-6.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-1.9.15p5-6.oe2403sp3.aarch64",
					"name":"sudo-1.9.15p5-6.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64",
					"name":"sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64",
					"name":"sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-devel-1.9.15p5-6.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-devel-1.9.15p5-6.oe2403sp3.aarch64",
					"name":"sudo-devel-1.9.15p5-6.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"sudo-1.9.15p5-6.oe2403sp3.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:sudo-1.9.15p5-6.oe2403sp3.src",
					"name":"sudo-1.9.15p5-6.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2026-35535",
			"notes":[
				{
					"text":"In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP3:sudo-1.9.15p5-6.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:sudo-devel-1.9.15p5-6.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:sudo-help-1.9.15p5-6.oe2403sp3.noarch",
					"openEuler-24.03-LTS-SP3:sudo-1.9.15p5-6.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:sudo-devel-1.9.15p5-6.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:sudo-1.9.15p5-6.oe2403sp3.src"
				]
			},
			"remediations":[
				{
					"product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"},
					"details":"sudo security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1908"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.4,
						"vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
						"version":"3.1"
					},
					"products":{"$ref":"$.vulnerabilities[0].product_status.fixed"}
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2026-35535"
		}
	]
}