sudo-1.8.29-6.el8.1

エラータID: AXSA:2021-1334:04

Release date: 
Thursday, January 28, 2021 - 12:14
Subject: 
sudo-1.8.29-6.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3156
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2021-3156
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Additional Info: 

N/A

Download: 

SRPMS
  1. sudo-1.8.29-6.el8.1.src.rpm
    MD5: 6ea2fb430e923e4b6f281bf2fb1d521e
    SHA-256: ea137c61aaa24b5e26b77a6c52ed3950e15465cb5fdb94a5187255cb1320d117
    Size: 3.25 MB

Asianux Server 8 for x86_64
  1. sudo-1.8.29-6.el8.1.x86_64.rpm
    MD5: cf7cc7ba82a63e87cd521dc79a03b5b7
    SHA-256: a6cc138c647bdc632672c1632b816c5a982e733c9e876881b637fe4dd14ab313
    Size: 922.45 kB