On Friday, 29 January 2021 at 18:20 (+0100), Łukasz Michalski via arch-general wrote: > Maybe this should be posted as arch news message? There was an announcement on the security list, attached. Jaron
--- Begin Message ---
- To: arch-security@xxxxxxxxxxxxx
- Subject: [ASA-202101-25] sudo: multiple issues
- From: Morten Linderud via arch-security <arch-security@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 26 Jan 2021 21:14:29 +0100
- Cc: Morten Linderud <foxboron@xxxxxxxxxxxxx>
- Delivered-to: pants@xxxxxxxxxxxxxxxxxxxx
- Reply-to: Announcements about security issues in Arch Linux and its packages <arch-security@xxxxxxxxxxxxxxxxxxx>
Arch Linux Security Advisory ASA-202101-25 ========================================== Severity: Critical Date : 2021-01-20 CVE-ID : CVE-2021-3156 CVE-2021-23239 Package : sudo Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1431 Summary ======= The package sudo before version 1.9.5.p2-1 is vulnerable to multiple issues including privilege escalation and information disclosure. Resolution ========== Upgrade to 1.9.5.p2-1. # pacman -Syu "sudo>=1.9.5.p2-1" The problems have been fixed upstream in version 1.9.5.p2. Workaround ========== None. Description =========== - CVE-2021-3156 (privilege escalation) A serious heap-based buffer overflow has been discovered in sudo before version 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug. - CVE-2021-23239 (information disclosure) A security issue was found in sudo before version 1.9.5. A race condition in sudoedit could have allowed an attacker to test for the existence of directories in arbitrary locations in the file system. Impact ====== Any unprivileged user can escalate privileges, and a local attacker could figure out file locations through a race condition. References ========== https://www.openwall.com/lists/oss-security/2021/01/11/2 https://www.sudo.ws/alerts/unescape_overflow.html https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit https://www.openwall.com/lists/oss-security/2021/01/26/3 https://www.sudo.ws/repos/sudo/rev/9b97f1787804 https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b https://www.sudo.ws/repos/sudo/rev/049ad90590be https://www.sudo.ws/repos/sudo/rev/09f98816fc89 https://www.sudo.ws/repos/sudo/rev/c125fbe68783 https://www.sudo.ws/repos/sudo/rev/ea19d0073c02 https://security.archlinux.org/CVE-2021-3156 https://security.archlinux.org/CVE-2021-23239Attachment: signature.asc
Description: PGP signature
--- End Message ---
