Page MenuHomeFreeBSD
Differential D28363

Update sudo to 1.9.5p2
ClosedPublic
Actions

Authored by cy on Jan 26 2021, 8:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 30, 3:47 PM
Unknown Object (File)
Tue, Apr 30, 3:47 PM
Unknown Object (File)
Tue, Apr 30, 3:47 PM
Unknown Object (File)
Tue, Apr 30, 3:06 PM
Unknown Object (File)
Sun, Apr 28, 4:50 PM
Unknown Object (File)
Sun, Apr 28, 4:50 PM
Unknown Object (File)
Sun, Apr 28, 4:47 PM
Unknown Object (File)
Sun, Apr 28, 9:39 AM
View All 39 Files
Subscribers
delphij
mat

Details

Reviewers
emaste
jmg
garga
Group Reviewers
ports secteam
Commits
rP563000: MFH: r562997
rP562997: security/sudo - update 1.9.5p1 to 1.9.5p2
Summary

This update fixes these two CVEs.

  • When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
  • Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special

See also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253034.

characters when running a command via a shell (sudo -s or sudo
-i).  However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible.  This fixes CVE-2021-3156.
Test Plan

Tested here.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

cy created this revision.Jan 26 2021, 8:07 PM
Herald added a subscriber: mat. · View Herald TranscriptJan 26 2021, 8:07 PM
cy requested review of this revision.Jan 26 2021, 8:07 PM
cy added a reviewer: garga.
cy edited the summary of this revision. (Show Details)
cy added a reviewer: ports secteam.Jan 26 2021, 8:09 PM
emaste accepted this revision.Jan 26 2021, 8:09 PM
This revision is now accepted and ready to land.Jan 26 2021, 8:09 PM
Closed by commit rP562997: security/sudo - update 1.9.5p1 to 1.9.5p2 (authored by cy). · Explain WhyJan 26 2021, 8:15 PM
This revision was automatically updated to reflect the committed changes.
cy added a commit: rP562997: security/sudo - update 1.9.5p1 to 1.9.5p2.
delphij added a subscriber: delphij.Jan 26 2021, 8:21 PM

Approved: ports-secteam (delphij)

cy added a commit: rP563000: MFH: r562997.Jan 26 2021, 8:41 PM

Revision Contents
Changeset List

PathSize
security/
sudo/
2 lines
6 lines

Diff 82946

View Options

security/sudo/Makefile

Loading...
View Options

security/sudo/distinfo

Loading...