Bug 52704 - sudo: Multiple issues (4.4)
sudo: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-7-errata
Assigned To: Quality Assurance
Erik Damrose
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-27 09:34 CET by Quality Assurance
Modified: 2021-02-01 09:24 CET (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 7.0 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2021-01-27 09:34:16 CET
New Debian sudo 1.8.19p1-2.1+deb9u3 fixes:
This update addresses the following issue:
* Heap buffer overflow in argument parsing (CVE-2021-3156)
Comment 1 Quality Assurance univentionstaff 2021-01-27 10:02:41 CET
--- mirror/ftp/4.4/unmaintained/4.4-4/source/sudo_1.8.19p1-2.1+deb9u2.dsc
+++ apt/ucs_4.4-0-errata4.4-7/source/sudo_1.8.19p1-2.1+deb9u3.dsc
@@ -1,3 +1,13 @@
+1.8.19p1-2.1+deb9u3 [Sat, 23 Jan 2021 10:10:33 +0100] Salvatore Bonaccorso <carnil@debian.org>:
+
+  * Non-maintainer upload by the Security Team.
+  * Heap-based buffer overflow (CVE-2021-3156)
+    - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit
+    - Add sudoedit flag checks in plugin that are consistent with front-end
+    - Fix potential buffer overflow when unescaping backslashes in user_args
+    - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL
+    - Don't assume that argv is allocated as a single flat buffer
+
 1.8.19p1-2.1+deb9u2 [Fri, 31 Jan 2020 22:10:55 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.

<http://10.200.17.11/4.4-7/#3251476448744904964>
Comment 2 Erik Damrose univentionstaff 2021-01-27 15:05:03 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 195df1c292 Bug #52704: sudo 1.8.19p1-2.1+deb9u3
 doc/errata/staging/sudo.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
Comment 4 Olivier Magloire 2021-01-28 14:51:13 CET
Will this be backported to 4.3 too?
Comment 5 Erik Damrose univentionstaff 2021-01-29 10:34:08 CET
The regular UCS 4.3 maintenance ended at the end of May 2020, see https://wiki.univention.de/index.php/Maintenance_Cycle_for_UCS

The update will be made available for customers who bought extended security maintenance.
Comment 6 Olivier Magloire 2021-01-29 16:02:08 CET
Thanks for the reply and link.

What about customers that can not easily update to 4.4 latest? We have at least one that is currently stuck on 4.4-3 and will only be able to have downtimes end of next month.
Comment 7 Erik Damrose univentionstaff 2021-02-01 09:24:25 CET
Please avoid discussions at already closed bugs. I suggest to open a thread on help.univention.com or get in contact with our sales department.

Older 4.4-x versions get no further updates once the security maintenance ends. If required, the fixed sudo package can be downloaded from our mirror and installed manually.

http://updates.software-univention.de/4.4/maintained/component/4.4-7-errata/amd64/