Univention Bugzilla – Bug 55397
sudo: Multiple issues (5.0)
Last modified: 2022-11-09 17:41:37 CET
New Debian sudo 1.8.27-1+deb10u4 fixes:

This update addresses the following issue:
* possible directory existence test due to race condition in sudoedit (CVE-2021-23239)
--- mirror/ftp/pool/main/s/sudo/sudo_1.8.27-1+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/sudo_1.8.27-1+deb10u4.dsc @@ -1,3 +1,11 @@ +1.8.27-1+deb10u4 [Mon, 07 Nov 2022 11:58:17 +0000] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Debian LTS team. + * CVE-2021-23239: Prevent an issue where a local unprivileged user may have + been able to perform arbitrary directory-existence tests by exploiting a + race condition in sudoedit by replacing a user-controlled directory by a + symlink to an arbitrary path. + 1.8.27-1+deb10u3 [Wed, 20 Jan 2021 13:26:17 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-2/#2188147075367073064>
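Review bot: the added 1.8.27-1+deb10u4 changelog entry names only CVE-2021-23239, while this bug is titled "Multiple issues". Check that the erratum text lists exactly that one CVE, or narrow the bug title, so the advisory and the package changelog agree. The entry describes a race condition in sudoedit where a user-controlled directory is replaced by a symlink, so the erratum description should state that the impact is limited to directory-existence tests by a local unprivileged user, as the changelog does.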
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 3527a1efa2 Bug #55397: sudo 1.8.27-1+deb10u4
 doc/errata/staging/sudo.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[5.0-2] f75b37221a Bug #55397: sudo 1.8.27-1+deb10u4
 doc/errata/staging/sudo.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x478>