ALAS2023-2026-1559

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1559
Advisory Released Date: 2026-04-13
Advisory Updated Date: 2026-04-13
Severity: Important
Issue Overview:

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. (CVE-2026-35535)


Affected Packages:

sudo


Issue Correction:
Run dnf update sudo --releasever 2023.11.20260413 or dnf update --advisory ALAS2023-2026-1559 --releasever 2023.11.20260413 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    sudo-logsrvd-debuginfo-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-python-plugin-debuginfo-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-python-plugin-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-debuginfo-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-devel-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-logsrvd-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-1.9.15-1.p5.amzn2023.0.3.aarch64
    sudo-debugsource-1.9.15-1.p5.amzn2023.0.3.aarch64

src:
    sudo-1.9.15-1.p5.amzn2023.0.3.src

x86_64:
    sudo-python-plugin-debuginfo-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-logsrvd-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-debuginfo-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-logsrvd-debuginfo-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-python-plugin-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-debugsource-1.9.15-1.p5.amzn2023.0.3.x86_64
    sudo-devel-1.9.15-1.p5.amzn2023.0.3.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-35535

Mitre: CVE-2026-35535