Security fix for CVE-2021-3156
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-2cb63d912a
This update has been submitted for testing by rsroka.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
CVE-2021-3156 fixed. ("sudoedit -s /" returns usage instead of error, as described in the blog post's FAQ).
Works. Did not validate that the exploit is fixed.
wfm
This update has been submitted for stable by bodhi.
Downloaded build from Koji, sudo still works, and sudoedit -s / shows usage: which means it should not be vulnerable.
I installed the following packages:
sudo dnf install https://kojipkgs.fedoraproject.org//packages/sudo/1.9.5p2/1.fc33/x86_64/sudo-1.9.5p2-1.fc33.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/sudo/1.9.5p2/1.fc33/x86_64/sudo-python-plugin-1.9.5p2-1.fc33.x86_64.rpm
=> rpm -q sudo says "sudo-1.9.5p2-1.fc33.x86_64"
Vulnerability check using (cd /; sudoedit -s '\' xxxxxxxxxxxx) command:
* Before: "sudoedit: malloc.c:2394: sysmalloc: Assertion (...) failed."
* After: "usage: sudoedit [-AknS] [-r role] (...)"
sudo --version:
* Before: Sudo version 1.9.5p1
* After: Sudo version 1.9.5p2
Note: but I failed to test the update in the usual way, "sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-2cb63d912a" doesn't find any update.
Fixes vulnerability (tested using sudoedit -s /
old output: "sudoedit: /: not a regular file"
new output: "usage: sudoedit")
This update has been pushed to stable.
Works well.
wfm
Worked here
WFM
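The `sudoedit -s /` check that several testers describe above, written as a script. This is an added example, not part of the update page or the sudo project. The function names and result labels are made up for illustration, and the classification rule is taken only from the outputs quoted in the comments: a line starting with "usage:" after the update, a line starting with "sudoedit:" before it.

```shell
#!/bin/sh
# Added example: classify the output of `sudoedit -s /` using the
# before/after messages quoted by testers on this page.
# Function names and result labels are hypothetical.

classify_sudoedit_output() {
    # $1: captured stdout+stderr of `sudoedit -s /`
    case "$1" in
        usage:*)
            # Patched builds reject -s for sudoedit while parsing arguments.
            echo "patched" ;;
        sudoedit:*)
            # Matches both quoted "before" outputs:
            #   sudoedit: /: not a regular file
            #   sudoedit: malloc.c:2394: sysmalloc: Assertion (...) failed.
            echo "likely-vulnerable" ;;
        *)
            # Empty or unexpected output: do not guess.
            echo "unknown" ;;
    esac
}

check_host() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "no-sudoedit"
        return 0
    fi
    # Same command as in the comments. An unpatched build may ask for a
    # password before it prints its error.
    out=$(cd / && sudoedit -s / 2>&1)
    classify_sudoedit_output "$out"
}

report() {
    # Print the package version next to the result so both can be recorded.
    printf 'package: %s\n' "$(rpm -q sudo 2>/dev/null || echo 'rpm query failed')"
    printf 'result:  %s\n' "$(check_host)"
}

# Only touch the local system when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    report
fi
```

A "patched" result only shows that the argument parser rejects the option combination, which is the same limit one tester notes ("Did not validate that the exploit is fixed"), so record the `rpm -q sudo` version alongside it.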