Format: 1.8 Date: Tue, 19 Jan 2021 09:21:02 -0500 Source: sudo Binary: sudo sudo-ldap Architecture: arm64 arm64_translations Version: 1.8.31-1ubuntu1.2 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Changes: sudo (1.8.31-1ubuntu1.2) focal-security; urgency=medium . * SECURITY UPDATE: dir existence issue via sudoedit race - debian/patches/CVE-2021-23239.patch: fix potential directory existing info leak in sudoedit in src/sudo_edit.c. - CVE-2021-23239 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2021-3156-pre1.patch: sanity check size when converting the first record to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to MODE_NONINTERACTIVE for sudoedit in src/parse_args.c. - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in plugin in plugins/sudoers/policy.c. - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow when unescaping backslashes in plugins/sudoers/sudoers.c. - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is allocated as a single flat buffer in src/parse_args.c. - CVE-2021-3156 Checksums-Sha1: 0da3caf2e6a2e8cc36bdd1529fc9a1027ca3a4e6 1270160 sudo-dbgsym_1.8.31-1ubuntu1.2_arm64.ddeb 8dea3bdea6619a1718b8c6b4e5b30cec69acb313 1318072 sudo-ldap-dbgsym_1.8.31-1ubuntu1.2_arm64.ddeb 1f6f18cc1207f320ac9d6e17eda02580f5cc8638 507888 sudo-ldap_1.8.31-1ubuntu1.2_arm64.deb 880796ff156bab322f5d19a16583ce3d23122e08 7473 sudo_1.8.31-1ubuntu1.2_arm64.buildinfo 8c304287b3742c78dad8d95bbf8c28546a943a5b 473292 sudo_1.8.31-1ubuntu1.2_arm64.deb 2d18020297e430f9e73ea18a7684a03e49398b8f 2068084 sudo_1.8.31-1ubuntu1.2_arm64_translations.tar.gz Checksums-Sha256: f90712ef07bd554f3716ff3c79871dc65871e242532ae7c93902c0fc4d828522 1270160 sudo-dbgsym_1.8.31-1ubuntu1.2_arm64.ddeb 0fd0b9bf9e65da9c510104ef67a3f3a2143459cc6daaee1212efe3bbf4d27e63 1318072 sudo-ldap-dbgsym_1.8.31-1ubuntu1.2_arm64.ddeb ab5141105eebc1e414f2116843b8e43cddb28fd142269c4e91059d0403a31c05 507888 sudo-ldap_1.8.31-1ubuntu1.2_arm64.deb b8c65e95f398bed53988bda37a9c068dfdb575163d679eebf951051c1f2e08d5 7473 sudo_1.8.31-1ubuntu1.2_arm64.buildinfo 7da7f4db5bea9205d12a8b3e5ff72f90dd347592aad4c9c634322e7e08a99ffc 473292 sudo_1.8.31-1ubuntu1.2_arm64.deb 7238996d519fed30fea6c120e6588b381ab8dbac547dba4f6b81d8dfd734b56c 2068084 sudo_1.8.31-1ubuntu1.2_arm64_translations.tar.gz Files: 7e5c3b0e439c606d74c2457235b21f80 1270160 debug optional sudo-dbgsym_1.8.31-1ubuntu1.2_arm64.ddeb 77b58ce8b3d067690c2c649de09860f1 1318072 debug optional sudo-ldap-dbgsym_1.8.31-1ubuntu1.2_arm64.ddeb 684ec99e1b6e7f98ff5bc4a2e556cbd6 507888 admin optional sudo-ldap_1.8.31-1ubuntu1.2_arm64.deb 023771856c3cd5ea5d3083a337485e8c 7473 admin optional sudo_1.8.31-1ubuntu1.2_arm64.buildinfo d19cd9a34c1004979105dcf74247d2c5 473292 admin optional sudo_1.8.31-1ubuntu1.2_arm64.deb b9868780cfa11173a2a9c33f2691381c 2068084 raw-translations - sudo_1.8.31-1ubuntu1.2_arm64_translations.tar.gz Original-Maintainer: Bdale Garbee