[ubuntu/hirsute-proposed] sudo 1.9.4p2-2ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jan 26 19:48:12 UTC 2021


sudo (1.9.4p2-2ubuntu2) hirsute; urgency=medium

  * SECURITY UPDATE: dir existence issue via sudoedit race
    - debian/patches/CVE-2021-23239.patch: fix potential directory existing
      info leak in sudoedit in src/sudo_edit.c.
    - CVE-2021-23239
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/policy.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
      converting a v1 timestamp to TS_LOCKEXCL in
      plugins/sudoers/timestamp.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156

Date: Tue, 26 Jan 2021 14:37:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/sudo/1.9.4p2-2ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 26 Jan 2021 14:37:48 -0500
Source: sudo
Architecture: source
Version: 1.9.4p2-2ubuntu2
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Bdale Garbee <bdale at gag.com>

