
Update sudo to 1.9.5p2
Closed, Public

Authored by cy on Jan 26 2021, 8:07 PM.
Tags
None

Details

Summary

This update fixes these two CVEs.

  • When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
  • Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.

See also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253034.

Test Plan

Tested here.
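
The overflow described in the summary arises in a loop that strips escaping backslashes while joining the command's arguments into one buffer. As an added example (not code from this revision or from sudo), here is a bounded form of such a loop in C; `unescape_join` and its parameters are hypothetical names, and the sample arguments in any caller are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/*
 * Join argv[0..argc-1] with single spaces into dst (capacity dstlen),
 * dropping the backslash in front of each escaped non-space character.
 * Returns the number of bytes written (excluding the NUL), or -1 if dst
 * is too small. Hypothetical helper for illustration, not sudo's source.
 */
long unescape_join(char *dst, size_t dstlen, int argc, const char *const *argv)
{
    size_t used = 0;

    if (dst == NULL || dstlen == 0)
        return -1;
    for (int i = 0; i < argc; i++) {
        const char *from = argv[i];
        while (*from != '\0') {
            /*
             * Skip an escaping backslash only when a real character follows.
             * Without the from[1] != '\0' test, a backslash at the very end
             * of an unescaped argument would make the loop step over the
             * terminator and keep copying past the end of the string.
             */
            if (from[0] == '\\' && from[1] != '\0' &&
                !isspace((unsigned char)from[1]))
                from++;
            if (used + 1 >= dstlen)      /* keep room for the final NUL */
                return -1;
            dst[used++] = *from++;
        }
        if (i + 1 < argc) {              /* separator between arguments */
            if (used + 1 >= dstlen)
                return -1;
            dst[used++] = ' ';
        }
    }
    dst[used] = '\0';
    return (long)used;
}
```

The destination check is independent of how the buffer was sized, so input that was never escaped cannot push the write position past `dstlen`.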

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cy requested review of this revision. Jan 26 2021, 8:07 PM
cy added a reviewer: garga.
cy edited the summary of this revision.
This revision is now accepted and ready to land. Jan 26 2021, 8:09 PM
This revision was automatically updated to reflect the committed changes.

Approved: ports-secteam (delphij)