{"schema_version":"1.7.2","id":"OESA-2026-1908","modified":"2026-04-17T12:59:26Z","published":"2026-04-17T12:59:26Z","upstream":["CVE-2026-35535"],"summary":"sudo security update","details":"Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity.  The basic philosophy is to give as few privileges as possible but still allow people to get their work done.\r\n\r\nSecurity Fix(es):\n\nIn Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.(CVE-2026-35535)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"sudo","purl":"pkg:rpm/openEuler/sudo&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.15p5-6.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["sudo-1.9.15p5-6.oe2403sp3.aarch64.rpm","sudo-debuginfo-1.9.15p5-6.oe2403sp3.aarch64.rpm","sudo-debugsource-1.9.15p5-6.oe2403sp3.aarch64.rpm","sudo-devel-1.9.15p5-6.oe2403sp3.aarch64.rpm"],"noarch":["sudo-help-1.9.15p5-6.oe2403sp3.noarch.rpm"],"src":["sudo-1.9.15p5-6.oe2403sp3.src.rpm"],"x86_64":["sudo-1.9.15p5-6.oe2403sp3.x86_64.rpm","sudo-debuginfo-1.9.15p5-6.oe2403sp3.x86_64.rpm","sudo-debugsource-1.9.15p5-6.oe2403sp3.x86_64.rpm","sudo-devel-1.9.15p5-6.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1908"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35535"}],"database_specific":{"severity":"High"}}