File _patchinfo of Package patchinfo.17942
<patchinfo incident="17942">
<issue tracker="bnc" id="1180687">VUL-0: sudo: User Could Enable Debug Settings not Intended for it</issue>
<issue tracker="bnc" id="1180685">VUL-0: CVE-2021-23240: sudo: Possible Symlink Attack in SELinux Context in `sudoedit`</issue>
<issue tracker="bnc" id="1181090">VUL-0: EMBARGOED: CVE-2021-3156: sudo: Heap-based buffer overflow in Sudo</issue>
<issue tracker="bnc" id="1180684">VUL-0: CVE-2021-23239: sudo: Possible Dir Existence Test due to Race Condition in `sudoedit`</issue>
<issue tracker="cve" id="2021-23240"/>
<issue tracker="cve" id="2021-23239"/>
<issue tracker="cve" id="2021-3156"/>
<packager>simotek</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for sudo</summary>
<description>This update for sudo fixes the following issues:
- A heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges
[bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a race condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
- A possible symlink attack vector existed in `sudoedit` if SELinux was running in permissive mode
[bsc#1180685,CVE-2021-23240]
- It was possible for a user to enable debug settings not intended for them
[bsc#1180687]
</description>
</patchinfo>