GLSA Advocate
Posted: Wed Jan 27, 2021 2:26 am
Post subject: [ GLSA 202101-33 ] sudo
Gentoo Linux Security Advisory
Title: sudo: Multiple vulnerabilities (GLSA 202101-33)
Severity: high
Exploitable: local
Date: 2021-01-26
Bug(s): #764986, #767364
ID: 202101-33
Synopsis
Multiple vulnerabilities have been found in sudo, the worst of
which could result in privilege escalation.
Background
sudo (su “do”) allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some (or
all) commands as root or another user while providing an audit trail of
the commands and their arguments.
Affected Packages
Package: app-admin/sudo
Vulnerable: < 1.9.5_p2
Unaffected: >= 1.9.5_p2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in sudo. Please review the
CVE identifiers referenced below for details.
Impact
Local users are able to gain unauthorized privileges on the system or
determine the existence of files.
Workaround
There is no known workaround at this time.
Resolution
All sudo users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.5_p2"
References
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
Upstream advisory (CVE-2020-23240)
Upstream advisory (CVE-2021-3156)
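Added example, not part of the Gentoo advisory: a Python check of an installed app-admin/sudo version against the "< 1.9.5_p2" boundary from Affected Packages, using a simplified form of Gentoo's version ordering in which a plain string comparison would misplace the _p and _rc suffixes. The function names and the sample version strings are constructed for illustration.

```python
import re

# Suffix ordering in Gentoo versions: _alpha < _beta < _pre < _rc < (none) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}
VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)(?P<letter>[a-z]?)"
    r"(?P<suffixes>(?:_(?:alpha|beta|pre|rc|p)\d*)*)"
    r"(?:-r(?P<rev>\d+))?$"
)
FIXED = "1.9.5_p2"  # first unaffected version listed in the advisory


def version_key(version):
    """Build a tuple that sorts like Gentoo versions (simplified: numeric
    components compare as integers; the leading-zero rule is not handled)."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(n) for n in m.group("nums").split("."))
    suffixes = [
        (SUFFIX_RANK[name], int(num or 0))
        for name, num in re.findall(r"_([a-z]+)(\d*)", m.group("suffixes"))
    ]
    # The (0, 0) sentinel stands for "no further suffix": it sorts above
    # _rc and below _p, so 1.9.5_rc1 < 1.9.5 < 1.9.5_p1.
    suffixes.append((0, 0))
    return nums, m.group("letter"), tuple(suffixes), int(m.group("rev") or 0)


def is_affected(installed, fixed=FIXED):
    """True when the installed version is below the advisory's fixed version."""
    return version_key(installed) < version_key(fixed)


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for v in ["1.8.31_p2", "1.9.5", "1.9.5_p1", "1.9.5_p2", "1.9.5_p10", "1.9.6_rc1"]:
        print(f"app-admin/sudo-{v}: {'VULNERABLE' if is_affected(v) else 'ok'}")
```

The 1.9.5_p10 sample is the case a lexical comparison gets wrong, since "1.9.5_p10" sorts before "1.9.5_p2" as a string.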