ArchLinux: 202101-25: sudo: multiple issues
Summary
- CVE-2021-3156 (privilege escalation)
A serious heap-based buffer overflow has been discovered in sudo before
version 1.9.5p2 that is exploitable by any local user. It has been
given the name Baron Samedit by its discoverer. The bug can be
leveraged to elevate privileges to root, even if the user is not listed
in the sudoers file. User authentication is not required to exploit the
bug.
- CVE-2021-23239 (information disclosure)
A security issue was found in sudo before version 1.9.5. A race
condition in sudoedit could have allowed an attacker to test for the
existence of directories in arbitrary locations in the file system.
Resolution
Upgrade to 1.9.5.p2-1.
# pacman -Syu "sudo>=1.9.5.p2-1"
The problems have been fixed upstream in version 1.9.5.p2.
References
https://www.openwall.com/lists/oss-security/2021/01/11/2 https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit https://www.openwall.com/lists/oss-security/2021/01/26/3 https://security.archlinux.org/CVE-2021-3156 https://security.archlinux.org/CVE-2021-23239
Workaround
None.