Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE: 2021:0227-1 Important: Sudo Critical Fix for Buffer Overflow

suse
Calendar Grey January 26, 2021
Dist Suse Esm H88
SUSE releases essential patches addressing sudo flaws impacting a range of platforms. Key measures outlined within.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0:

References

#1180684 #1180685 #1180687 #1181090

Cross- CVE-2021-23239 CVE-2021-23240 CVE-2021-3156

Affected Products:

SUSE Manager Server 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Proxy 4.0

SUSE Linux Enterprise Server for SAP 15-SP1

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-SP1-LTSS

SUSE Linux Enterprise Server 15-SP1-BCL

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP1

SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS

SUSE Linux Enterprise High Perfor...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0227-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.