[Buildroot] [PATCH 1/1] package/sudo: security bump to version 1.9.5p2
Peter Korsgaard
peter at korsgaard.com
Wed Jan 27 20:42:48 UTC 2021
>>>>> "Christian" == Christian Stewart <christian at paral.in> writes:
> Major changes between sudo 1.9.5p2 and 1.9.5p1
> * Buildroot: dropped a patch that was included in the release.
> * Fixed sudo's setprogname(3) emulation on systems that don't
> provide it.
> * Fixed a problem with the sudoers log server client where a partial
> write to the server could result in the sudo process consuming large
> amounts of CPU time due to a cycle in the buffer queue. Bug #954.
> * Added a missing dependency on libsudo_util in libsudo_eventlog.
> Fixes a link error when building sudo statically.
> * The user's KRB5CCNAME environment variable is now preserved when
> performing PAM authentication. This fixes GSSAPI authentication
> when the user has a non-default ccache.
> * When invoked as sudoedit, the same set of command line options
> are now accepted as for "sudo -e". The -H and -P options are
> now rejected for sudoedit and "sudo -e" which matches the sudo
> 1.7 behavior. This is part of the fix for CVE-2021-3156.
> * Fixed a potential buffer overflow when unescaping backslashes
> in the command's arguments. Normally, sudo escapes special
> characters when running a command via a shell (sudo -s or sudo
> -i). However, it was also possible to run sudoedit with the -s
> or -i flags in which case no escaping had actually been done,
> making a buffer overflow possible. This fixes CVE-2021-3156.
> https://www.sudo.ws/stable.html#1.9.5p2
> Signed-off-by: Christian Stewart <christian at paral.in>
Committed, thanks.
--
Bye, Peter Korsgaard
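
Added example, not part of the original message and not sudo's source code: a bounds-checked backslash unescaper showing the class of defect the changelog describes for CVE-2021-3156, where unescaping input that was never escaped can run past the end of an argument. The function name, signature and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative unescape routine (assumed name, not sudo's code).
 * Copies src to dst, dropping a backslash that escapes the next character.
 * Returns bytes written (without the NUL), or (size_t)-1 if dst is too small.
 */
size_t unescape_arg(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;

    if (dstsize == 0)
        return (size_t)-1;
    while (*src != '\0') {
        /*
         * Drop the backslash only when a real character follows it.
         * Without the src[1] test, an argument ending in a lone backslash
         * makes the copy step over the terminator and continue into
         * whatever memory follows the argument.
         */
        if (src[0] == '\\' && src[1] != '\0')
            src++;
        if (n + 1 >= dstsize)
            return (size_t)-1;      /* keep room for the terminating NUL */
        dst[n++] = *src++;
    }
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed input: "x\" followed by bytes that must never be copied. */
    const char src[] = { 'x', '\\', '\0', 'S', 'E', 'C', '\0' };
    char out[8];
    size_t n = unescape_arg(out, sizeof(out), src);

    printf("%zu bytes: %s\n", n, out);
    return n == 2 ? 0 : 1;
}
```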