Format: 1.8 Date: Tue, 19 Jan 2021 09:21:02 -0500 Source: sudo Binary: sudo sudo-ldap Architecture: i386 i386_translations Version: 1.8.31-1ubuntu1.2 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Changes: sudo (1.8.31-1ubuntu1.2) focal-security; urgency=medium . * SECURITY UPDATE: dir existence issue via sudoedit race - debian/patches/CVE-2021-23239.patch: fix potential directory existing info leak in sudoedit in src/sudo_edit.c. - CVE-2021-23239 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2021-3156-pre1.patch: sanity check size when converting the first record to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to MODE_NONINTERACTIVE for sudoedit in src/parse_args.c. - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in plugin in plugins/sudoers/policy.c. - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow when unescaping backslashes in plugins/sudoers/sudoers.c. - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is allocated as a single flat buffer in src/parse_args.c. - CVE-2021-3156 Checksums-Sha1: 619cfee3e620ba41d7fbc15871e45e52d742d554 1115404 sudo-dbgsym_1.8.31-1ubuntu1.2_i386.ddeb d5802ae482e8b48a46f79da110686c7a29732eeb 1154232 sudo-ldap-dbgsym_1.8.31-1ubuntu1.2_i386.ddeb 6e17d1f28200d50b5d4ccaf42b1a6ec3edf7db6d 546620 sudo-ldap_1.8.31-1ubuntu1.2_i386.deb ff7f9aac06a7600674fb2c92ff10dd50edce686a 7420 sudo_1.8.31-1ubuntu1.2_i386.buildinfo c313f0a5ef11ccef4eedfe4b0db11dd49a399f4e 510532 sudo_1.8.31-1ubuntu1.2_i386.deb fc7beeb9d15972213240227519a53de4ac9b2d01 2097267 sudo_1.8.31-1ubuntu1.2_i386_translations.tar.gz Checksums-Sha256: 1a742dc4f3ab3c6981d43408334b15a5edbfd29fc89557d7e690cd021bd7e6e6 1115404 sudo-dbgsym_1.8.31-1ubuntu1.2_i386.ddeb baa0c6f27acd5596a4011c0d4fe2223f17d89b250b26ce0096127c313b8101f7 1154232 sudo-ldap-dbgsym_1.8.31-1ubuntu1.2_i386.ddeb 050b2f8675cfa98b33a5b018427c342aa6db73cbd6377fbb92423ca1cfd1fef3 546620 sudo-ldap_1.8.31-1ubuntu1.2_i386.deb c07593c6c8b646fd86490b39868ee527377f1157219678515a20927abd258f72 7420 sudo_1.8.31-1ubuntu1.2_i386.buildinfo 7518ff6fc439ac142ce363f3b9ceab836d180be63c455fb146d1c413d1bd7cad 510532 sudo_1.8.31-1ubuntu1.2_i386.deb 5e7b4efa572a3e694aaea362f93d7d067fe7ca1a1f7740d2c4e392b9a0fdc3e1 2097267 sudo_1.8.31-1ubuntu1.2_i386_translations.tar.gz Files: b5ea1a80923113a1ea8fed11321362f0 1115404 debug optional sudo-dbgsym_1.8.31-1ubuntu1.2_i386.ddeb 8f3d34bf5355286c9dbf0beb34d5e7e3 1154232 debug optional sudo-ldap-dbgsym_1.8.31-1ubuntu1.2_i386.ddeb ded59273b41b61a768582c579be80b47 546620 admin optional sudo-ldap_1.8.31-1ubuntu1.2_i386.deb c703e7b1da96ba2d5dc9f93f1777e6f9 7420 admin optional sudo_1.8.31-1ubuntu1.2_i386.buildinfo 66e53bf5c24e4aef80b62fbc6a429767 510532 admin optional sudo_1.8.31-1ubuntu1.2_i386.deb 5d30688c04df8c8f8923152e3b61766f 2097267 raw-translations - sudo_1.8.31-1ubuntu1.2_i386_translations.tar.gz Original-Maintainer: Bdale Garbee