Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.

#Power

View Only

Back to discussions

Expand all | Collapse all

CVE-2025-32463 in sudo - Fixed in 1.9.17p1

1. CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Niklas Vosskoetter

IBM Champion
Posted Tue July 01, 2025 01:47 PM

Reply
Hey OSS-Team,

we need sudo in version 1.9.17p1, because the the CVE-2025-32463 is rated with a 9,3 and we have to fix that asap.

Please check: https://nvd.nist.gov/vuln/detail/CVE-2025-32463

Many thanks in advance

------------------------------
Niklas Vosskoetter
Deputy Team Lead & System Engineer Unix and Cloud Service Power
------------------------------

#AIXOpenSource
2. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
RESHMA KUMAR
Posted Wed July 02, 2025 05:59 AM

Reply
Hi Niklas,
Thanks for reporting. We are working on updating to this version of sudo.

------------------------------
RESHMA KUMAR
------------------------------

Original Message
3. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Peter Schlafmann
Posted Wed July 02, 2025 10:05 AM

Reply
Thanks Reshma for the update - any timeline available for the fix/update?

------------------------------
Peter Schlafmann
------------------------------

Original Message
4. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
RESHMA KUMAR
Posted Thu July 03, 2025 01:42 AM

Reply
Hi Peter,
We will make it available by next week.

------------------------------
RESHMA KUMAR
------------------------------

Original Message
5. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Robert John
Posted Mon July 07, 2025 03:38 AM

Reply
Thanks Reshma for the update - would you pls.- also provide a new "sudo_ids" package, which solves that CVE?
Thanks + Regards, Robert John

------------------------------
Robert John
------------------------------

Original Message
6. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Peter Schlafmann
Posted Thu July 10, 2025 07:41 AM

Reply
Hi Reshma, any update on this - my customer is urgently waiting for the fixed version.

kind regards Peter

------------------------------
Peter Schlafmann
------------------------------

Original Message
7. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Don brodie
Posted Thu July 10, 2025 10:40 AM

Reply
Hello, Is there a date set for availability of this?

Thanks,

Don Brodie

------------------------------
Don brodie
------------------------------

Original Message
8. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
RESHMA KUMAR
Posted Fri July 11, 2025 01:20 AM

Reply
Hi All,
Sudo 1.9.17p1 is now available in AIX Toolbox. Please use DNF to update to this version.
sudo-1.9.17p1-1.aix7.1.ppc.rpm
sudo_ids-1.9.17p1-1.aix7.1.ppc.rpm
sudo_noldap-1.9.17p1-1.aix7.1.ppc.rpm

------------------------------
RESHMA KUMAR
------------------------------

Original Message
9. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Boost unix
Posted Tue July 15, 2025 11:53 PM

Reply
Hi Reshma,

not able to download the pkg sudo-1.9.17p1-1.aix7.1.ppc.rpm

Regards

Venkata B

------------------------------
Boost unix
------------------------------

Original Message
10. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Like
Niklas Vosskoetter

IBM Champion
Posted Tue July 22, 2025 02:22 AM

Reply
Hey OSS-Team,

many thanks for the new packages. Tests were successful and the rollout was started.

------------------------------
Niklas Vosskoetter
Deputy Team Lead & System Engineer Unix and Cloud Service Power
------------------------------

Original Message

Open Source Development

Power Open Source Development

CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Niklas VosskoetterTue July 01, 2025 01:47 PM

RESHMA KUMARWed July 02, 2025 05:59 AM

Peter SchlafmannWed July 02, 2025 10:05 AM

RESHMA KUMARThu July 03, 2025 01:42 AM

Robert JohnMon July 07, 2025 03:38 AM

Peter SchlafmannThu July 10, 2025 07:41 AM

Don brodieThu July 10, 2025 10:40 AM

RESHMA KUMARFri July 11, 2025 01:20 AM

Boost unixTue July 15, 2025 11:53 PM

Niklas VosskoetterTue July 22, 2025 02:22 AM

1. CVE-2025-32463 in sudo - Fixed in 1.9.17p1

2. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

3. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

4. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

5. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

6. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

7. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

8. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

9. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

10. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Additional
Resources

Office

Quick Links

Open Source Development

Power Open Source Development

CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Niklas VosskoetterTue July 01, 2025 01:47 PM

RESHMA KUMARWed July 02, 2025 05:59 AM

Peter SchlafmannWed July 02, 2025 10:05 AM

RESHMA KUMARThu July 03, 2025 01:42 AM

Robert JohnMon July 07, 2025 03:38 AM

Peter SchlafmannThu July 10, 2025 07:41 AM

Don brodieThu July 10, 2025 10:40 AM

RESHMA KUMARFri July 11, 2025 01:20 AM

Boost unixTue July 15, 2025 11:53 PM

Niklas VosskoetterTue July 22, 2025 02:22 AM

1. CVE-2025-32463 in sudo - Fixed in 1.9.17p1

2. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

3. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

4. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

5. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

6. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

7. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

8. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

9. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

10. RE: CVE-2025-32463 in sudo - Fixed in 1.9.17p1

Related Content

Sudo upgrade to sudo-1.9.17p1

AIX Toolbox rpm packages signature

Problem installing ca-certificates-2024.2.66-1.aix7.1.ppc.rpm prerequisite curl-8.9.1-1.aix7.1.ppc.rpm on AIX 7300-02-03-2446

SUDO 1.8.27 vulnerable to CVE-2019-14287 - Fixed in 1.8.28

Samba Installation on AIX 7.1 At Issue libgcc

Additional Resources

Office

Quick Links

Additional
Resources