sudo fixes CVE-2019-18634 privilege escalation
A heap overflow in sudo's pwfeedback logic (CVE-2019-18634) allowed local privilege escalation to root on Linux and macOS systems; administrators must update to sudo 1.8.31p2 or vendor equivalents.
Executive briefing: The sudo project released an advisory for CVE-2019-18634, a heap-based overflow in the pwfeedback feature that can lead to local root compromise. The flaw is exploitable even when sudoers policy normally forbids a user from running commands as root, and it affects default builds on many Linux distributions when pwfeedback is enabled.
Operator action: Patch to sudo 1.8.31p2 or distribution updates, deploy quickly on shared multi-user hosts, and confirm pwfeedback remains disabled until patched. Hunt for suspicious uses of sudo with unexpected input errors in system logs and monitor for privilege escalation anomalies.
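One way to confirm that pwfeedback is disabled, as an added example that is not part of the upstream advisory or any vendor tooling: the hypothetical helper `pwfeedback_state` reads sudoers-format text on stdin and reports whether any Defaults entry leaves the option on. It assumes no backslash line continuations and that the option is off unless set, and it deliberately counts a per-user or per-host enable as "enabled" even if the global setting is off.

```shell
#!/bin/sh
# Added example: audit sudoers text for the pwfeedback option.
# Prints "enabled" or "disabled". The last global Defaults entry wins;
# any scoped enable (Defaults:user, Defaults@host, ...) is reported as enabled.
pwfeedback_state() {
    awk '
        { sub(/#.*/, "") }                          # drop comments and #include lines
        $1 !~ /^Defaults([@:>!].*)?$/ { next }      # keep only Defaults entries
        {
            scoped = ($1 != "Defaults")             # entry bound to a user, host, etc.
            opts = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", opts)   # strip the Defaults token
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", o[i])
                if (o[i] == "pwfeedback") {
                    if (scoped) any_scoped = 1; else global = 1
                } else if (o[i] == "!pwfeedback" && !scoped) {
                    global = 0
                }
            }
        }
        END { print ((global || any_scoped) ? "enabled" : "disabled") }
    '
}

# Constructed sample input. On a real host, run as root and feed the function
# the sudoers files instead, typically /etc/sudoers and /etc/sudoers.d/*.
printf '%s\n' \
    '# constructed sample' \
    'Defaults env_reset' \
    'Defaults mail_badpass, pwfeedback' | pwfeedback_state
```

On a live system, `sudo -l` also lists pwfeedback under "Matching Defaults entries" when it is active for the invoking user, and adding `Defaults !pwfeedback` to sudoers turns it off until the patched package is installed.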
Sources: Upstream advisory and changelog detail the patch; distribution security bulletins provide package versions and restart guidance.