Bug 28230

Summary: sudo new security issue CVE-2021-3156
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: sudo-1.9.5-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2021-01-26 21:15:59 CET 
Sudo has issued an advisory today (January 26):
https://www.sudo.ws/alerts/unescape_overflow.html

The issue is fixed upstream in 1.9.5p2:
https://www.sudo.ws/stable.html
Comment 1 Thomas Backlund 2021-01-26 22:52:56 CET 
SRPM:
sudo-1.9.5p2-1.mga7.src.rpm

i586:
sudo-1.9.5p2-1.mga7.i586.rpm
sudo-devel-1.9.5p2-1.mga7.i586.rpm


x86_64:
sudo-1.9.5p2-1.mga7.x86_64.rpm
sudo-devel-1.9.5p2-1.mga7.x86_64.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Dave Hodgins 2021-01-26 23:55:43 CET 
No regressions found. Validating.

CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK

Thomas Backlund 2021-01-27 01:02:52 CET

Keywords: (none) => advisory

Comment 3 Mageia Robot 2021-01-27 01:41:25 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0056.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2021-01-29 01:11:25 CET 
RedHat has issued an advisory for this on January 26:
https://access.redhat.com/errata/RHSA-2021:0218