Date: Tue, 26 Jan 2021 20:28:56 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r562998 - head/security/vuxml Message-ID: <202101262028.10QKSucB049498@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Tue Jan 26 20:28:56 2021 New Revision: 562998 URL: https://svnweb.freebsd.org/changeset/ports/562998 Log: Document sudo CVE-2021-3156. * When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. PR: 253034 Reported by: "Todd C. Miller" <Todd.Miller@sudo.ws> via mailing list emaste Obtained from: sudo Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jan 26 20:15:31 2021 (r562997) +++ head/security/vuxml/vuln.xml Tue Jan 26 20:28:56 2021 (r562998) @@ -77,6 +77,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f3cf4b33-6013-11eb-9a0e-206a8a720317"> + <topic>sudo -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>sudo</name> + <range><lt>1.9.5p2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Todd C. Miller reports:</p> + <blockquote cite="https://www.sudo.ws/stable.html#1.9.5p2"> + <p>When invoked as sudoedit, the same set of command line options + are now accepted as for sudo -e. The -H and -P options are now + rejected for sudoedit and sudo -e which matches the sudo 1.7 + behavior. This is part of the fix for CVE-2021-3156.</p> + <p>Fixed a potential buffer overflow when unescaping backslashes in + the command's arguments. Normally, sudo escapes special characters + when running a command via a shell (sudo -s or sudo -i). However, + it was also possible to run sudoedit with the -s or -i flags in + which case no escaping had actually been done, making a buffer + overflow possible. This fixes CVE-2021-3156.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.sudo.ws/stable.html#1.9.5p2</url> + <cvename>CVE-2021-3156</cvename> + </references> + <dates> + <discovery>2021-01-26</discovery> + <entry>2021-01-26</entry> + </dates> + </vuln> + <vuln vid="fb67567a-5d95-11eb-a955-08002728f74c"> <topic>pysaml2 -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202101262028.10QKSucB049498>