Bug 28230 - sudo new security issue CVE-2021-3156
Summary: sudo new security issue CVE-2021-3156
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-01-26 21:15 CET by David Walser
Modified: 2021-01-29 01:11 CET (History)
2 users (show)

See Also:
Source RPM: sudo-1.9.5-1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2021-01-26 21:15:59 CET
Sudo has issued an advisory today (January 26):
https://www.sudo.ws/alerts/unescape_overflow.html

The issue is fixed upstream in 1.9.5p2:
https://www.sudo.ws/stable.html
Comment 1 Thomas Backlund 2021-01-26 22:52:56 CET
SRPM:
sudo-1.9.5p2-1.mga7.src.rpm

i586:
sudo-1.9.5p2-1.mga7.i586.rpm
sudo-devel-1.9.5p2-1.mga7.i586.rpm


x86_64:
sudo-1.9.5p2-1.mga7.x86_64.rpm
sudo-devel-1.9.5p2-1.mga7.x86_64.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Dave Hodgins 2021-01-26 23:55:43 CET
No regressions found. Validating.

CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK

Thomas Backlund 2021-01-27 01:02:52 CET

Keywords: (none) => advisory

Comment 3 Mageia Robot 2021-01-27 01:41:25 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0056.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2021-01-29 01:11:25 CET
RedHat has issued an advisory for this on January 26:
https://access.redhat.com/errata/RHSA-2021:0218

Note You need to log in before you can comment on or make changes to this bug.