ALAS2023-2025-1070

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1070
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10
Severity: Important
Issue Overview:

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. (CVE-2025-32462)

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. (CVE-2025-32463)


Affected Packages:

sudo


Issue Correction:
Run dnf update sudo --releasever 2023.8.20250707 to update your system.

New Packages:
aarch64:
    sudo-python-plugin-debuginfo-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-devel-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-logsrvd-debuginfo-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-python-plugin-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-debuginfo-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-logsrvd-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-debugsource-1.9.15-1.p5.amzn2023.0.2.aarch64
    sudo-1.9.15-1.p5.amzn2023.0.2.aarch64

src:
    sudo-1.9.15-1.p5.amzn2023.0.2.src

x86_64:
    sudo-devel-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-python-plugin-debuginfo-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-logsrvd-debuginfo-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-python-plugin-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-logsrvd-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-debuginfo-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-debugsource-1.9.15-1.p5.amzn2023.0.2.x86_64
    sudo-1.9.15-1.p5.amzn2023.0.2.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-32462, CVE-2025-32463

Mitre: CVE-2025-32462, CVE-2025-32463