advisories/28230.adv

type: security
subject: Updated sudo packages fix security vulnerability
CVE:
 -  CVE-2021-3156
src:
  7:
   core:
     - sudo-1.9.5p2-1.mga7
description: |
  A serious heap-based buffer overflow has been discovered in sudo that is
  exploitable by any local user. It has been given the name Baron Samedit
  by its discoverer. The bug can be leveraged to elevate privileges to
  root, even if the user is not listed in the sudoers file. User
  authentication is not required to exploit the bug (CVE-2021-3156). 
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28230
 - https://www.sudo.ws/alerts/unescape_overflow.html
ID: MGASA-2021-0056
1	type: security
2	subject: Updated sudo packages fix security vulnerability
3	CVE:
4	- CVE-2021-3156
5	src:
6	7:
7	core:
8	- sudo-1.9.5p2-1.mga7
9	description: \|
10	A serious heap-based buffer overflow has been discovered in sudo that is
11	exploitable by any local user. It has been given the name Baron Samedit
12	by its discoverer. The bug can be leveraged to elevate privileges to
13	root, even if the user is not listed in the sudoers file. User
14	authentication is not required to exploit the bug (CVE-2021-3156).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=28230
17	- https://www.sudo.ws/alerts/unescape_overflow.html
18	ID: MGASA-2021-0056