sudo 1.9.4p2-2ubuntu2 source package in Ubuntu

Changelog

sudo (1.9.4p2-2ubuntu2) hirsute; urgency=medium

  * SECURITY UPDATE: dir existence issue via sudoedit race
    - debian/patches/CVE-2021-23239.patch: fix potential directory existing
      info leak in sudoedit in src/sudo_edit.c.
    - CVE-2021-23239
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/policy.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
      converting a v1 timestamp to TS_LOCKEXCL in
      plugins/sudoers/timestamp.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156

 -- Marc Deslauriers <email address hidden>  Tue, 26 Jan 2021 14:37:48 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Hirsute
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
sudo_1.9.4p2.orig.tar.gz 3.8 MiB c34af1fa79d40d0869e4010bdd64005290ea2e1ba35638ef07fcc684c4470f64
sudo_1.9.4p2-2ubuntu2.debian.tar.xz 34.7 KiB f428b298b0caddd4c2012a97e899a078eb8ca8e74575eedbae1c368a911d69a1
sudo_1.9.4p2-2ubuntu2.dsc 2.0 KiB e365a5ed99a1a0790d8fdbdd2adc03491f6f0a6c40ddd5019538be4cd35775b9

View changes file

Binary packages built by this source

sudo: No summary available for sudo in ubuntu hirsute.

No description available for sudo in ubuntu hirsute.

sudo-dbgsym: No summary available for sudo-dbgsym in ubuntu hirsute.

No description available for sudo-dbgsym in ubuntu hirsute.

sudo-ldap: No summary available for sudo-ldap in ubuntu hirsute.

No description available for sudo-ldap in ubuntu hirsute.

sudo-ldap-dbgsym: No summary available for sudo-ldap-dbgsym in ubuntu hirsute.

No description available for sudo-ldap-dbgsym in ubuntu hirsute.