Two security issues discovered in sudo-rs, a Rust-based implemention of sudo

---

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

---

• To: [email protected]
• Subject: [SECURITY] [DSA 6052-1] rust-sudo-rs security update
• From: Moritz Muehlenhoff <[email protected]>
• Date: Tue, 11 Nov 2025 19:23:24 +0000
• Message-id: <[🔎] [email protected]>
• Reply-to: [email protected]

---

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6052-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rust-sudo-rs CVE ID : not yet available Two security issues were discovered in sudo-rs, a Rust-based implemention of sudo (and su), which could result in the local disclosure of partially typed passwords or an authentication bypass in some targetpw/rootpw configurations. For the stable distribution (trixie), this problem has been fixed in version 0.2.5-5+deb13u1. We recommend that you upgrade your rust-sudo-rs packages. For the detailed security status of rust-sudo-rs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rust-sudo-rs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkTi+AACgkQEMKTtsN8 TjbZOA/6AhtGFZOSecYOHRhclRJuqViqVayIZbKQnV1F1Psi4JDItXxjAofUtzID gSnk0LGNbsveI0lrbI3F+6P5jc4QSimgGoAdRlwz65yDMGv8uLCQLtVzWGuzJfN2 yTN7ndwb6FIdeBQ0NEbJObsgIj5wePFWwes3pA0dL7/0yd5yqKV3lbVV+jNSJ1Hq K4NalTRLwdeC6+KeongSzH+9f1zOuzAW8CZwhLzPf2RWqz2Dll2/Y99z04SNx0tI 8bUJDFR7rr5Ie9grDY3YCcne90uE6NTJ/zQ8jdY4edFdL9VBRBQnyPn2vvslhLC0 uJ6Q16VSeXq2rxV01fAisPilJ7oX8e2EvPnS+AZDstswFLvVtu6ST4yAR3AIIHas cpVxGuaEAET2UlxLXYotz0Z/hvcK8C7p5Axo4x+lTgaIrB6KGEqM5gYOp1kaKoUk SX/5NgwxVMFqaH/OrfWqpqGDti1d+9utOV2n2fJb1ApiDcQOoaswCZ3/gJU3CGhQ Bn9DXdjj4MM5gIRqzD/JkOuLeRyzG0jkZ6Q7qpCpyAsvWu0LNkWu/kccsNe6AElV hg2NbAyeJNNoSqOJxkPXpFJtP2NGe6WxkGviidz2E3dVCXvhr/a27Hgxnt5w/FLs fRUy3BqiEaHp0McVd9F3yINROvfPI+toIMkxMieN6xtbvUksQcI= =l5Q7 -----END PGP SIGNATURE-----

---

Reply to:

• [email protected]
• Moritz Muehlenhoff (on-list)
• Moritz Muehlenhoff (off-list)

---

• Prev by Date: [SECURITY] [DSA 6051-1] incus security update
• Next by Date: [SECURITY] [DSA 6053-1] linux security update
• Previous by thread: [SECURITY] [DSA 6051-1] incus security update
• Next by thread: [SECURITY] [DSA 6053-1] linux security update
• Index(es):
  • Date
  • Thread