Format: 1.8 Date: Tue, 19 Jan 2021 09:48:09 -0500 Source: sudo Binary: sudo sudo-ldap Architecture: s390x s390x_translations Version: 1.8.16-0ubuntu1.10 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Changes: sudo (1.8.16-0ubuntu1.10) xenial-security; urgency=medium . * SECURITY UPDATE: dir existence issue via sudoedit race - debian/patches/CVE-2021-23239.patch: fix potential directory existing info leak in sudoedit in src/sudo_edit.c. - CVE-2021-23239 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2021-3156-pre1.patch: check lock record size in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-pre2.patch: sanity check size when converting the first record to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to MODE_NONINTERACTIVE for sudoedit in src/parse_args.c. - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in plugin in plugins/sudoers/policy.c. - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow when unescaping backslashes in plugins/sudoers/sudoers.c. - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is allocated as a single flat buffer in src/parse_args.c. - CVE-2021-3156 Checksums-Sha1: 04e94b365ca9425fc5a64527d8a7710ff57ee637 409456 sudo-dbgsym_1.8.16-0ubuntu1.10_s390x.ddeb e3ac4ce5b099cff617e5dc9b8400ff31dfdc1b99 425170 sudo-ldap-dbgsym_1.8.16-0ubuntu1.10_s390x.ddeb 3fdb62a93186be2aed1f77b4941d581ae119e242 393580 sudo-ldap_1.8.16-0ubuntu1.10_s390x.deb b9bbb35615c10a4c38314fa5ed469159255cd524 365652 sudo_1.8.16-0ubuntu1.10_s390x.deb 6548de247aa43ded6388016c0f86002786e0ce99 1444573 sudo_1.8.16-0ubuntu1.10_s390x_translations.tar.gz Checksums-Sha256: 5de1d356c41fc6981a599d642ebbc203c58711398abd8f490e710989a201fcbe 409456 sudo-dbgsym_1.8.16-0ubuntu1.10_s390x.ddeb b3e21a8f446eb908fa54ca7b612f03bb0d01dbae872153956618537df1d3f348 425170 sudo-ldap-dbgsym_1.8.16-0ubuntu1.10_s390x.ddeb b6fa581970190c9b550256beccc0b4ebfd531673d7d54ab51edf0839ef1de2bc 393580 sudo-ldap_1.8.16-0ubuntu1.10_s390x.deb 54d42bf76f9e3e6cc61f403d30b4f6a4c0ae9afd5ea6776b327179a0fa60d6ed 365652 sudo_1.8.16-0ubuntu1.10_s390x.deb e68fe23536fa19e699886ba047c8285c8482cfd5d6b7ced0a0439f35ed7931eb 1444573 sudo_1.8.16-0ubuntu1.10_s390x_translations.tar.gz Files: 61169ee972d229ba815c4f582d203c66 409456 admin extra sudo-dbgsym_1.8.16-0ubuntu1.10_s390x.ddeb cc7d1e389c166b689054472564d2e174 425170 admin extra sudo-ldap-dbgsym_1.8.16-0ubuntu1.10_s390x.ddeb 6310e9069c9e7729cc4eac58fd303a7a 393580 admin optional sudo-ldap_1.8.16-0ubuntu1.10_s390x.deb 0c70d5a4bd3212f99444b11a401054be 365652 admin optional sudo_1.8.16-0ubuntu1.10_s390x.deb b53945f6919e96dcbb225a7011d757ca 1444573 raw-translations - sudo_1.8.16-0ubuntu1.10_s390x_translations.tar.gz Original-Maintainer: Bdale Garbee