USN-4705-1: Sudo vulnerabilities
26 January 2021
Several security issues were fixed in Sudo.
Releases
Packages
- sudo - Provide limited super user privileges to specific users
Details
It was discovered that Sudo incorrectly handled memory when parsing command
lines. A local attacker could possibly use this issue to obtain unintended
access to the administrator account. (CVE-2021-3156)
It was discovered that the Sudo sudoedit utility incorrectly handled
checking directory permissions. A local attacker could possibly use this
issue to bypass file permissions and determine if a directory exists or
not. (CVE-2021-23239)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.