[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2534-1] sudo security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2534-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Salvatore Bonaccorso
January 26, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sudo
Version        : 1.8.19p1-2.1+deb9u3
CVE ID         : CVE-2021-3156

The Qualys Research Labs discovered a heap-based buffer overflow
vulnerability in sudo, a program designed to provide limited super user
privileges to specific users. Any local user (sudoers and non-sudoers)
can exploit this flaw for root privilege escalation.

For Debian 9 stretch, this problem has been fixed in version
1.8.19p1-2.1+deb9u3.

We recommend that you upgrade your sudo packages.

For the detailed security status of sudo please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/sudo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQW4dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SO5g/+L9dHxCwiDAPV1T4wYOdfafN71qg5s4ZpSl7wqVSfpx83um5ka/gZ7nCe
MmsjXVN92Wx97wM2YncUYQ9/nxCWsh1SOXWUZJWgWJKMQlOpjVwN1UAuQIKSJUcF
QvdcdFikSrhYspgp1qBTngJbLNmTjvnTAL+UPtMsrcUEPcw/EKtVuEbKAkWJPxZT
Wgs8WC9v8JW6rCUg1YHhRjk10d9HXTU5DiEQLmpPiVrAODmy6OzY5QjEuCSFbKEA
h9kq0CzVuworTtapeb+ftChtQponxkOXXte9foXj8JVsbLIuoknb08fIpwtDF7In
qjoV+DGE9y+MoFkvX7TRtXvacNyvE9m9IVskeNfQYsRc1FulANevlx56UG2r5o+M
6yPggqmQgTM6/8+sPONRL5/XRgGA+7Cw/98/5mStR7QgvH3CfMmmt9Ij6J3d4/tE
avuH0T/MatjA5Wt06fUvdusg5WczqUeIL4eNfwMGlwWBQr5Z6YVgOUucLjauRj+o
LxBgqOxdWUhZ7UKDkwqeJOHCuGfLXJzhm9Qu/o8IZC0PqCWKBhNJhyvqDNix9ReW
73XaluW2VRTG4Y8bbxVy854EK/knZgG/RW1ppwLhmXu7nA5dCym3ppcMBxhrhbtr
kdbA6IxpQHVlBtHtnD2fx5dt1elmn94C71NPzweqY/hHufLMg9A=
=o4JS
-----END PGP SIGNATURE-----


Reply to: