sudo vulnerability #665

vmelamed · 2021-01-27T16:49:14Z

vmelamed
Jan 27, 2021

I just did sudo apt update && sudo apt upgrade and I see that there is an update for the sudo package. Does this address the latest sudo vulnerability?

Answered by crramirez

Jan 27, 2021

Hello,

Yes.

apt-get changelog sudo

sudo (1.9.5p1-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Heap-based buffer overflow (CVE-2021-3156)
    - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
    - Add sudoedit flag checks in plugin that are consistent with front-end
    - Fix potential buffer overflow when unescaping backslashes in user_args
    - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
    - Don't assume that argv is allocated as a single flat buffer

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 20 Jan 2021 10:11:47 +0100

View full answer

crramirez · 2021-01-27T17:12:28Z

crramirez
Jan 27, 2021
Maintainer

Hello,

Yes.

apt-get changelog sudo

sudo (1.9.5p1-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Heap-based buffer overflow (CVE-2021-3156)
    - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
    - Add sudoedit flag checks in plugin that are consistent with front-end
    - Fix potential buffer overflow when unescaping backslashes in user_args
    - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
    - Don't assume that argv is allocated as a single flat buffer

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 20 Jan 2021 10:11:47 +0100

1 reply

symbiont-val-melamed Jan 27, 2021

Great!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sudo vulnerability #665

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

sudo vulnerability #665

vmelamed Jan 27, 2021

Replies: 1 comment · 1 reply

crramirez Jan 27, 2021 Maintainer

symbiont-val-melamed Jan 27, 2021

vmelamed
Jan 27, 2021

Replies: 1 comment 1 reply

crramirez
Jan 27, 2021
Maintainer