Ubuntu
sudo package

sudo 1.9.1-1ubuntu1.1 source package in Ubuntu

Changelog

sudo (1.9.1-1ubuntu1.1) groovy-security; urgency=medium

  * SECURITY UPDATE: dir existence issue via sudoedit race
    - debian/patches/CVE-2021-23239.patch: fix potential directory existing
      info leak in sudoedit in src/sudo_edit.c.
    - CVE-2021-23239
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/policy.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
      converting a v1 timestamp to TS_LOCKEXCL in
      plugins/sudoers/timestamp.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156
  * debian/control: added tzdata to Build-Depends so that the time zone
    data directory is present during builds.

 -- Marc Deslauriers <email address hidden>  Tue, 19 Jan 2021 09:08:56 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
sudo_1.9.1.orig.tar.gz 3.7 MiB 294116cefe10a02773917fc7440d8384b925955bc96a6e0eaa1977c83b34adff
sudo_1.9.1-1ubuntu1.1.debian.tar.xz 34.5 KiB 775b2cf55626f9d4b49b88521d241c4af55e41a492b7d951b13f1c5ca785a15c
sudo_1.9.1-1ubuntu1.1.dsc 2.0 KiB ef54101aa3fcc02478ba900495c13a5f4c80d1a92ab8622cc1ea3b2168fdac6b

View changes file

Binary packages built by this source

sudo: No summary available for sudo in ubuntu groovy.

No description available for sudo in ubuntu groovy.

sudo-dbgsym: No summary available for sudo-dbgsym in ubuntu groovy.

No description available for sudo-dbgsym in ubuntu groovy.

sudo-ldap: No summary available for sudo-ldap in ubuntu groovy.

No description available for sudo-ldap in ubuntu groovy.

sudo-ldap-dbgsym: No summary available for sudo-ldap-dbgsym in ubuntu groovy.

No description available for sudo-ldap-dbgsym in ubuntu groovy.