FEDORA-2021-2cb63d912a created by rsroka 10 months ago for Fedora 33 (stable)

Security fix for CVE-2021-3156

How to install

sudo dnf upgrade --advisory=FEDORA-2021-2cb63d912a

This update has been submitted for testing by rsroka. (10 months ago)

This update's test gating status has been changed to 'ignored'. (10 months ago)

This update's test gating status has been changed to 'waiting'. (10 months ago)

This update's test gating status has been changed to 'ignored'. (10 months ago)

gourlaysama commented & provided feedback 10 months ago

CVE-2021-3156 fixed. ("sudoedit -s /" returns usage instead of error, as described in the blog post's FAQ).

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
mattdm commented & provided feedback 10 months ago

Works. Did not validate that the exploit is fixed.

BZ#1920611 sudo-1.9.5p2 is available
ttrinks commented & provided feedback 10 months ago

wfm

This update has been submitted for stable by bodhi. (10 months ago)

edwintorok commented & provided feedback 10 months ago

Downloaded build from Koji, sudo still works, and "sudoedit -s /" shows usage, which means it should not be vulnerable.

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
vstinner commented & provided feedback 10 months ago

I installed the following packages:

sudo dnf install https://kojipkgs.fedoraproject.org//packages/sudo/1.9.5p2/1.fc33/x86_64/sudo-1.9.5p2-1.fc33.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/sudo/1.9.5p2/1.fc33/x86_64/sudo-python-plugin-1.9.5p2-1.fc33.x86_64.rpm

=> rpm -q sudo says "sudo-1.9.5p2-1.fc33.x86_64"

Vulnerability check using the (cd /; sudoedit -s '\' xxxxxxxxxxxx) command:
* Before: "sudoedit: malloc.c:2394: sysmalloc: Assertion (...) failed."
* After: "usage: sudoedit [-AknS] [-r role] (...)"

sudo --version:
* Before: Sudo version 1.9.5p1
* After: Sudo version 1.9.5p2

Note: I failed to test the update in the usual way; "sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2cb63d912a" doesn't find any update.

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
uwueviee commented & provided feedback 10 months ago

Fixes vulnerability (tested using "sudoedit -s /"; old output: "sudoedit: /: not a regular file"; new output: "usage: sudoedit").

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
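The "sudoedit -s" probe that vstinner and uwueviee describe in their comments, wrapped in a small POSIX sh checker. This is an added example, not part of the Bodhi update or of any commenter's feedback: it classifies the first line sudoedit prints (the strings it matches are the ones quoted in the comments) and compares the reported sudo version with 1.9.5p2, the version this update ships. The function names are my own.

```shell
#!/bin/sh
# Added example, not part of the Bodhi update or any commenter's feedback.
# Classifies the "sudoedit -s" probe output quoted in the comments and
# compares the reported sudo version with 1.9.5p2 (the version this update ships).

# Classify the first line sudoedit prints for the probe.
# Prints: patched | vulnerable | unknown
classify_sudoedit_output() {
    case "$1" in
        usage:*)                echo "patched" ;;     # fixed sudo rejects -s and prints usage
        *sysmalloc*|*malloc.c*) echo "vulnerable" ;;  # heap metadata corrupted: the overflow fired
        *"not a regular file"*) echo "vulnerable" ;;  # unfixed sudo accepted -s and carried on
        *)                      echo "unknown" ;;
    esac
}

# Turn "Sudo version 1.9.5p2" into a sortable integer (1009005002).
# Prints 0 when the line is not a sudo version banner.
sudo_version_key() {
    printf '%s\n' "$1" | awk '
        /^Sudo version / {
            v = $3; sub(/[^0-9.p].*$/, "", v)
            n = split(v, a, "[.p]")
            printf "%d%03d%03d%03d\n", a[1], a[2], a[3], (n >= 4 ? a[4] : 0)
            found = 1; exit
        }
        END { if (!found) print 0 }'
}

# Prints "patched" when the banner is 1.9.5p2 or newer, else "not-patched".
classify_sudo_version() {
    if [ "$(sudo_version_key "$1")" -ge "$(sudo_version_key 'Sudo version 1.9.5p2')" ]; then
        echo "patched"
    else
        echo "not-patched"
    fi
}

# Run both checks on this host (needs sudo installed; the probe only makes
# sudoedit parse its arguments, nothing is edited or written).
check_local_sudo() {
    ver=$(sudo --version 2>/dev/null | head -n 1)
    probe=$(cd / && sudoedit -s '\' x 2>&1 | head -n 1)
    printf 'version: %s -> %s\n' "$ver" "$(classify_sudo_version "$ver")"
    printf 'probe:   %s -> %s\n' "$probe" "$(classify_sudoedit_output "$probe")"
}

case "${1:-}" in --run) check_local_sudo ;; esac
```

Run the script with `--run` to check the local host; both classifiers can also be fed captured output from another machine.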

This update has been pushed to stable. (10 months ago)

scorreia commented & provided feedback 10 months ago

Works well.

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
t3rm1n4l commented & provided feedback 10 months ago

wfm

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
ersen provided feedback 10 months ago
BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
odilhao commented & provided feedback 10 months ago

Worked here

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]
geraldosimiao commented & provided feedback 9 months ago

WFM

BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
BZ#1920611 sudo-1.9.5p2 is available
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all]


Metadata
Type: security
Severity: high
Karma: 11
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days

Dates
submitted: 10 months ago
in stable: 10 months ago

Related Bugs
BZ#1917684 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing (feedback: 0 negative, 9 positive)
BZ#1920611 sudo-1.9.5p2 is available (feedback: 0 negative, 8 positive)
BZ#1920618 CVE-2021-3156 sudo: Heap buffer overflow in argument parsing [fedora-all] (feedback: 0 negative, 9 positive)
