type: security
subject: Updated sudo packages fix security vulnerability
CVE:
 - CVE-2021-3156
src:
  7:
    core:
      - sudo-1.9.5p2-1.mga7
description: |
  A serious heap-based buffer overflow has been discovered in sudo that is
  exploitable by any local user. It has been given the name Baron Samedit
  by its discoverer. The bug can be leveraged to elevate privileges to
  root, even if the user is not listed in the sudoers file. User
  authentication is not required to exploit the bug (CVE-2021-3156).
  Advisory text to describe the update.
  Wrap lines at ~75 chars.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28230
 - https://www.sudo.ws/alerts/unescape_overflow.html