StackPatch is live — CVE patch ops for indie SaaS, $99 lifetime founder seat (50 only).See product

Back to CVE digest

Package · sudo

`sudo` CVE matrix across Linux distros

168 CVEs tracked across 8 distro releases. Showing the 168 most-recent fix records.

Ecosystems with tracked fixes

Alpine edgeAlpine v3.18Alpine v3.19Alpine v3.20Alpine v3.21Debian bookwormDebian bullseyeDebian trixie

Recent fix records

Each row links to the full per-CVE cross-distro view. Sorted most-recent first.

Debian bullseye

Source: Debian

CVE-2004-1051→ fixed in1.6.8p3-1
CVE-2004-1689→ fixed in1.6.8p3-1
CVE-2005-1993→ fixed in1.6.8p9-1
CVE-2005-2959→ fixed in1.6.8p9-3
CVE-2005-4158→ fixed in1.6.8p12-1
CVE-2005-4890→ fixed in1.7.4p4
CVE-2006-0151→ fixed in1.6.8p12-1
CVE-2008-3067→ fixed in1.6.9p12-1
+33 more in Debian bullseye

Single command to patch all of these:

sudo apt-get install --only-upgrade -y sudo

Debian bookworm

Source: Debian

CVE-2004-1051→ fixed in1.6.8p3-1
CVE-2004-1689→ fixed in1.6.8p3-1
CVE-2005-1993→ fixed in1.6.8p9-1
CVE-2005-2959→ fixed in1.6.8p9-3
CVE-2005-4158→ fixed in1.6.8p12-1
CVE-2005-4890→ fixed in1.7.4p4
CVE-2006-0151→ fixed in1.6.8p12-1
CVE-2008-3067→ fixed in1.6.9p12-1
+35 more in Debian bookworm

Single command to patch all of these:

sudo apt-get install --only-upgrade -y sudo

Debian trixie

Source: Debian

CVE-2004-1051→ fixed in1.6.8p3-1
CVE-2004-1689→ fixed in1.6.8p3-1
CVE-2005-1993→ fixed in1.6.8p9-1
CVE-2005-2959→ fixed in1.6.8p9-3
CVE-2005-4158→ fixed in1.6.8p12-1
CVE-2005-4890→ fixed in1.7.4p4
CVE-2006-0151→ fixed in1.6.8p12-1
CVE-2008-3067→ fixed in1.6.9p12-1
+37 more in Debian trixie

Single command to patch all of these:

sudo apt-get install --only-upgrade -y sudo

Alpine v3.20

Source: Alpine secdb

CVE-2017-1000368→ fixed in1.8.20_p2-r0
CVE-2019-14287→ fixed in1.8.28-r0
CVE-2019-18634→ fixed in1.8.31-r0
CVE-2021-23239→ fixed in1.9.5-r0
CVE-2021-23240→ fixed in1.9.5-r0
CVE-2021-3156→ fixed in1.9.5_p2-r0
CVE-2023-22809→ fixed in1.9.12_p2-r0

Single command to patch all of these:

apk add --upgrade sudo

Alpine v3.21

Source: Alpine secdb

CVE-2017-1000368→ fixed in1.8.20_p2-r0
CVE-2019-14287→ fixed in1.8.28-r0
CVE-2019-18634→ fixed in1.8.31-r0
CVE-2021-23239→ fixed in1.9.5-r0
CVE-2021-23240→ fixed in1.9.5-r0
CVE-2021-3156→ fixed in1.9.5_p2-r0
CVE-2023-22809→ fixed in1.9.12_p2-r0
CVE-2025-32462→ fixed in1.9.17_p1-r0
+1 more in Alpine v3.21

Single command to patch all of these:

apk add --upgrade sudo

Alpine edge

Source: Alpine secdb

CVE-2017-1000368→ fixed in1.8.20_p2-r0
CVE-2019-14287→ fixed in1.8.28-r0
CVE-2019-18634→ fixed in1.8.31-r0
CVE-2021-23239→ fixed in1.9.5-r0
CVE-2021-23240→ fixed in1.9.5-r0
CVE-2021-3156→ fixed in1.9.5_p2-r0
CVE-2023-22809→ fixed in1.9.12_p2-r0
CVE-2025-32462→ fixed in1.9.17_p1-r0
+1 more in Alpine edge

Single command to patch all of these:

apk add --upgrade sudo

Alpine v3.18

Source: Alpine secdb

CVE-2017-1000368→ fixed in1.8.20_p2-r0
CVE-2019-14287→ fixed in1.8.28-r0
CVE-2019-18634→ fixed in1.8.31-r0
CVE-2021-23239→ fixed in1.9.5-r0
CVE-2021-23240→ fixed in1.9.5-r0
CVE-2021-3156→ fixed in1.9.5p2-r0
CVE-2023-22809→ fixed in1.9.12_p2-r0

Single command to patch all of these:

apk add --upgrade sudo

Alpine v3.19

Source: Alpine secdb

CVE-2017-1000368→ fixed in1.8.20_p2-r0
CVE-2019-14287→ fixed in1.8.28-r0
CVE-2019-18634→ fixed in1.8.31-r0
CVE-2021-23239→ fixed in1.9.5-r0
CVE-2021-23240→ fixed in1.9.5-r0
CVE-2021-3156→ fixed in1.9.5_p2-r0
CVE-2023-22809→ fixed in1.9.12_p2-r0

Single command to patch all of these:

apk add --upgrade sudo

Is YOUR sudo patched?

5-second check on your actual server. The quickscan reads your installed sudo version and matches against the same 168-CVE catalog above.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Continuous monitoring ($99 lifetime)