Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0281
sudo security update
27 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: sudo
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Root Compromise -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3156
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0218
https://access.redhat.com/errata/RHSA-2021:0219
https://access.redhat.com/errata/RHSA-2021:0220
https://access.redhat.com/errata/RHSA-2021:0221
https://access.redhat.com/errata/RHSA-2021:0222
https://access.redhat.com/errata/RHSA-2021:0223
https://access.redhat.com/errata/RHSA-2021:0224
https://access.redhat.com/errata/RHSA-2021:0225
https://access.redhat.com/errata/RHSA-2021:0226
https://access.redhat.com/errata/RHSA-2021:0227
Comment: This bulletin contains ten (10) Red Hat security advisories.
This advisory references vulnerabilities in products which run on
platforms other than Red Hat. It is recommended that administrators
running sudo check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0218-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0218
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
sudo-1.8.29-6.el8_3.1.src.rpm
aarch64:
sudo-1.8.29-6.el8_3.1.aarch64.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.aarch64.rpm
sudo-debugsource-1.8.29-6.el8_3.1.aarch64.rpm
ppc64le:
sudo-1.8.29-6.el8_3.1.ppc64le.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.ppc64le.rpm
sudo-debugsource-1.8.29-6.el8_3.1.ppc64le.rpm
s390x:
sudo-1.8.29-6.el8_3.1.s390x.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.s390x.rpm
sudo-debugsource-1.8.29-6.el8_3.1.s390x.rpm
x86_64:
sudo-1.8.29-6.el8_3.1.x86_64.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.x86_64.rpm
sudo-debugsource-1.8.29-6.el8_3.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBBvDNzjgjWX9erEAQhSiw/9HZU8g5QeF/86A/IOTGbey9mafpH2nGXz
r1nIvihIw7+RVLc7ATw4wDJIN/JqGI6/UcWEYF80Jy36jcmaJWhNj1DzxMDGiKw1
I+6vUrZAgs5uSwDEgERxfq7WSmAyeolVTmldTSd3YCWp8QMil+w1jX5kPUt6tGaO
rtjGf1GS5my1DpkdFx9IAV7BYrFeeQ4liV7pMLkj3SXQN+H3Z1hDaqz+FkZUJA15
ITeIOpwfg7D1vCLA24nlkOmCH+nz5/qsp1LVauuASRgcVy6K0b3MG2Yt1VfwPHFY
zcE4GjsJ8X9C2zoOP5lpXfTgIUxgxSO4SM7hEYXXSdU9xhY05jf2GWBX2GklbGZW
H96wHmWdwapgBaG7ALS0yVEW/4tZtmNxjCflSZrVNR+deh3yucicrSiGcal7JieF
1DZibSkIHM63OIDqRQveUouhwjnfPTYLorQtY8R6uHh3ovFEh4kn7JXpCbE7Ldah
1SIf7GnWfi3A4qpl/tpafvqaHzxn1uzPh+vnKGlW+r+Xkv4hftCArLV5JsoAuaTy
C7YrxPYPj+6Z9jpUqhRekadWCzM+b58Y93JYT4kJzW07++ZCjXe9TWm5306jUGVF
lLJiSES7XyhxfwXwc8eCFsqdgbLhVrYywr51ApWTrDLIZqGSnOEuxROUOZXHM+yG
JdPaa0+wp40=
=XTTH
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0219-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0219
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source:
sudo-1.8.29-5.el8_2.1.src.rpm
aarch64:
sudo-1.8.29-5.el8_2.1.aarch64.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.aarch64.rpm
sudo-debugsource-1.8.29-5.el8_2.1.aarch64.rpm
ppc64le:
sudo-1.8.29-5.el8_2.1.ppc64le.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.ppc64le.rpm
sudo-debugsource-1.8.29-5.el8_2.1.ppc64le.rpm
s390x:
sudo-1.8.29-5.el8_2.1.s390x.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.s390x.rpm
sudo-debugsource-1.8.29-5.el8_2.1.s390x.rpm
x86_64:
sudo-1.8.29-5.el8_2.1.x86_64.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.x86_64.rpm
sudo-debugsource-1.8.29-5.el8_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBByetzjgjWX9erEAQjHEA//aHG/vdAOiHUh1tXKozd7pvRjjLQEuInP
R6pE1NMlMJEnWHYymDcridCauNvRowKmZlohJEyidAlh0+6dul+wfauGAUNL0e2U
rIyTtU/4xQGTZDJAfgVsTKPda33/VqXAtL0IyIWHOaXbtiP7erYUoprEe98RYrKf
P+rbsaT6LpFL81oGAc6s4xP/8fEHEhiUU8slkN3TDop6a023oQX0U9PJVURKXaIR
OtGWB4bT5gzNuEXw56Hbh1bQh9/J5w4j3C6CWZIL+x1YTSQayebGLPkMq3uinefF
zyI8VpcKGzY2NO6uS/yBVaKV+umAV4IcxL1vOMD4Dha1n5aEbRQO7ZAPSzN8wi3L
PdR3Q5MSvGDLJJX82zuyV7fg3395lTyi+uvCOHO8/6r1l9K8CO+/vz9ufK3mnxn9
0zHSjTaRtImKMR2FY9RHEzKMs/VsokaP6y+vWXYi32r3x/er8JYh1WfpMMWWA6WH
fNwh9PJuP/SYZ5XJk7t+UaBxO+/iPQcfaAWGwST0s+0TJDs1VyL3qCyqvZUpsogs
NvnTQ4q9zmWb81S9X158qdvf7GQ9XgITfCW09w4B5f8QeBO992K1E576sfbARAB6
jLf/FcIhY6i0PvrocYPelHaZJjObf+gJTaGbarODoo7XVgf7kNESSGADu4K/SBxv
CoI9+Anw4wE=
=3JtB
- -----END PGP SIGNATURE-----
- -----------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0220-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0220
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.1):
Source:
sudo-1.8.25p1-8.el8_1.2.src.rpm
aarch64:
sudo-1.8.25p1-8.el8_1.2.aarch64.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.aarch64.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.aarch64.rpm
ppc64le:
sudo-1.8.25p1-8.el8_1.2.ppc64le.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.ppc64le.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.ppc64le.rpm
s390x:
sudo-1.8.25p1-8.el8_1.2.s390x.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.s390x.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.s390x.rpm
x86_64:
sudo-1.8.25p1-8.el8_1.2.x86_64.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.x86_64.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBBu9dzjgjWX9erEAQjNYQ/+OnsOQSJRzj4ae6FTOViCnkBTg28Y0I+M
ZG/Z2fW45vMpfHkXjTjPcBC1WlSu7PpT2YxPHbI/as2rhO2qstTRBMuWlBREx4Bl
fVj/EMiAOIW4SrToVRWfcQ0gOS0Xv+vcdtmGD9eiw4goTjXD2tDG0eAu44w+irGE
0u+c3T/UQFSSwWIGOoWjgQA9WHEwI3O8B2rgMDaSDswPQjuxtO/8eWjG4rQm6qsd
14b0FfeBHUycEnrGw224Bzt0ZzClMypfkwzRThvbvsmt/BvMmNlHt1pFDTOSzn1h
B3Luwi67COIekCmq+qbAErUHdc+6nprxDJhYzMFtmXNMNXSsMVbWUKv/+zr4H9KW
Y2Ca7cF1tA+xbkdE4ihaW+ODeqXa4ndXcs8libNH91qzGdIPKh4FRsJTtQctEh+I
uiUfFSjUrdjWhh+mbZsi8w2YfDDE0CsxupoMl9TheCOrKS0qS8/nhb9ieLqEL8tN
OS2I18pt4TmQp4MORqPGjSPpcAuq3bJQXzFLD8/MCBOt0zNn/kOtkE571xbvqmou
i59wU8KI2mN21ksGJUd6ZIu9Nqe1MNbbuI8gNdivbKkfVA336yh6FVypISLXqPHB
jedj4caKHec+5XX6edRdioJemUZLyiI1B5MMN+ubAnzmGmpKnakwkzIZloAYB1fL
MoOYNzDw9JE=
=Kfq4
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0221
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
sudo-1.8.23-10.el7_9.1.src.rpm
x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
sudo-1.8.23-10.el7_9.1.src.rpm
x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
sudo-1.8.23-10.el7_9.1.src.rpm
ppc64:
sudo-1.8.23-10.el7_9.1.ppc64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm
ppc64le:
sudo-1.8.23-10.el7_9.1.ppc64le.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm
s390x:
sudo-1.8.23-10.el7_9.1.s390x.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm
x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
sudo-debuginfo-1.8.23-10.el7_9.1.ppc.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm
sudo-devel-1.8.23-10.el7_9.1.ppc.rpm
sudo-devel-1.8.23-10.el7_9.1.ppc64.rpm
ppc64le:
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm
sudo-devel-1.8.23-10.el7_9.1.ppc64le.rpm
s390x:
sudo-debuginfo-1.8.23-10.el7_9.1.s390.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm
sudo-devel-1.8.23-10.el7_9.1.s390.rpm
sudo-devel-1.8.23-10.el7_9.1.s390x.rpm
x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
sudo-1.8.23-10.el7_9.1.src.rpm
x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBB9QtzjgjWX9erEAQjMkQ/+PUDUX16Tnzqt7l1CsDAkHsT89EyY1keR
5XAlnrEv0nfw+/Feb2zhjlAlGbZSE1pTHOB4WarZzz2edZW5PRDw2SnljPToGoF2
6e4rlxRMJzFzc1WiOl5VgIq2LsOrqE1x3smwx7UGloMNmld/wgNKzFyddlR3ya0/
k78GAgUD2K/riILpeSG9M3jkK6IX/ecAOV8cK4GnmVAyrc/I0ud+wp+AFaQdKOUd
DJ08C4ktxCEDZnCMV7X0fheoVB08T2VUPqM3AT0mP8Q07RWElFNAYYzS0/0ABGdd
G/bRXDOiP0Qp92gMjWi4zu8JJk1Yyt8vnXII30gr2dd4f/8O0X6N+fntkhpc86N0
mdXrPNBDXC6YJqahqtTH3ZMNWj37kSX5O0QIxRMMySIuPEhLdkF0A4CBGcP1qpaN
BQf/nNAvYlkz70QTL91JkUL98X0Ih+O6IAPxT//C90VXwXTb2+XmBBYjA24/gHJn
kpv9ZzJfeCSCVoa019u3r/8pkMIfiN69GpO2FQTJCP4MbIJPHeANp2lYEA+KHPqE
XJvy0qh3YEs741KxKwzbaMgOTrYsoMvKhVeJZm0t5bpU5Y5TTF9fCVan8uJ8ke6d
buQej1iyBUvPq+gMQvJhwiP1Q2rvgxPmHP+L3Awo9tTqm6b7WsqdRq5K+B025v+d
NdZXKIPEQVY=
=7/vM
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0222-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0222
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.7
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):
Source:
sudo-1.8.23-4.el7_7.3.src.rpm
x86_64:
sudo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):
x86_64:
sudo-debuginfo-1.8.23-4.el7_7.3.i686.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-devel-1.8.23-4.el7_7.3.i686.rpm
sudo-devel-1.8.23-4.el7_7.3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
sudo-1.8.23-4.el7_7.3.src.rpm
ppc64:
sudo-1.8.23-4.el7_7.3.ppc64.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64.rpm
ppc64le:
sudo-1.8.23-4.el7_7.3.ppc64le.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64le.rpm
s390x:
sudo-1.8.23-4.el7_7.3.s390x.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.s390x.rpm
x86_64:
sudo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.7):
ppc64:
sudo-debuginfo-1.8.23-4.el7_7.3.ppc.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64.rpm
sudo-devel-1.8.23-4.el7_7.3.ppc.rpm
sudo-devel-1.8.23-4.el7_7.3.ppc64.rpm
ppc64le:
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64le.rpm
sudo-devel-1.8.23-4.el7_7.3.ppc64le.rpm
s390x:
sudo-debuginfo-1.8.23-4.el7_7.3.s390.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.s390x.rpm
sudo-devel-1.8.23-4.el7_7.3.s390.rpm
sudo-devel-1.8.23-4.el7_7.3.s390x.rpm
x86_64:
sudo-debuginfo-1.8.23-4.el7_7.3.i686.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-devel-1.8.23-4.el7_7.3.i686.rpm
sudo-devel-1.8.23-4.el7_7.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBB99tzjgjWX9erEAQgQVQ//X+Q+jvAdxYbN9ruIQ3Jo6JJiWPeNgTlP
BoC3V9xSxcGwug3b4CULSguc5WXJSSVPgaCX2qEM0UcqRH4FBnWjrCT/yYJItO/z
wS59/V87IKzrgXFwo5hUEJylzjrFaDNGUG6+CAZ0Tdrn/esJn7juIhWJmPpJwwAW
ecvSc+8Sfqw0YZnXoMK9vrzYzSgw6w+qMBZvPLAp2sU0/AbS/ZbALstu3YD/plpV
TjkfrUoysx9Be7U8cT5pypzMTMtsrLngcUnMKUg2XsiblNFlVZ1s5XmuMB3mmhVM
S87Q/ooV+cdKizCs0vVVzlMDYSDgJoxGExiR+A2WjmrxZuf5D2/DW59OpMyyIQBB
/Qlz6PWhQis9B+RsMHbE8eYUtIKaLm162wjQ+zSeyQombOWy1sNtMLL7ulZMoU3F
hnkq6by3mn6iVorkRPIpRLD1lNnrdNIGLuNowKUTza8kRgL4zrXBypl+m+k8z38P
GK2Svl+VblTaSQXLns8WV5hv4b2EvRWkY1rJ5iU6+JOCRg4cvy2E5VoFQFLSs02z
Lftry/YcnPl4XzJOlI3+uSD/oENN8EqGKNrxaKjdfEfgbBQbUkX5OeUGDMO41Qb1
EVE8TVHhNqyVHdjeHS/4cC/gHaJVOKRmkwXxd2XyUsAI4j8pMZBVgdd9LnnwmhGk
ymZ0tXTXCjg=
=mSfw
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0223-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0223
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source:
sudo-1.8.23-3.el7_6.2.src.rpm
x86_64:
sudo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64:
sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-devel-1.8.23-3.el7_6.2.i686.rpm
sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
sudo-1.8.23-3.el7_6.2.src.rpm
ppc64:
sudo-1.8.23-3.el7_6.2.ppc64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm
ppc64le:
sudo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-1.8.23-3.el7_6.2.s390x.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
x86_64:
sudo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
sudo-1.8.23-3.el7_6.2.src.rpm
aarch64:
sudo-1.8.23-3.el7_6.2.aarch64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm
ppc64le:
sudo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-1.8.23-3.el7_6.2.s390x.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64.rpm
ppc64le:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
sudo-devel-1.8.23-3.el7_6.2.s390.rpm
sudo-devel-1.8.23-3.el7_6.2.s390x.rpm
x86_64:
sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-devel-1.8.23-3.el7_6.2.i686.rpm
sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64:
sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm
sudo-devel-1.8.23-3.el7_6.2.aarch64.rpm
ppc64le:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm
s390x:
sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
sudo-devel-1.8.23-3.el7_6.2.s390.rpm
sudo-devel-1.8.23-3.el7_6.2.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBCATtzjgjWX9erEAQiDkQ/8CyCFW0G3itmCMGwXsP5atS6Tgqc4zwbC
ofAgAgWoKKlwelFIMra1XlbcwSiqDKyxRvZVXiberbmvsecRShd7y29CMf75R2FO
P7qGv5BY8BLX0zDwHHNTSCdX4EXoMi4OUUzmO4JEgys8Vc0QfLyEpQJbIPJaeE/C
OI6niwwsSKeB06CjOpmHef/xoltdiCRkAJ84A3wBN8L603Lbl7Ou1PpomXFTmBpx
1ZI+vHe+rGXLMLYsJOyZSi87spHiXX7ZUwHwf3LOpQvIEP3tTU7QVykAsB2nIWIh
VVqjPwOeK4wxM1xn2DtBAeBE1m3QG9xBirIQosAUqh8v7coWyy+kNZxxnFKS8v5F
ZuQpsM2c0EbEcz7QL703in6m/1fG8oT6QI/K0PQvAQBlxt4XG0N1Shz1XfCa884z
0xF5C31bd8tDOuakZNPg7ePLXpaZtyn/CZ5kyWIaSkMV5J1vYZIHPyJpb83QecUr
c9vjQgD49kz2FzwJkGPcWAeqjBVFrRbE7TJQ8IAzkM08x6XeKuLp8sXixzhXzboy
9TBb65s22fEiHlMCcqW62QJGELPDLSwVvjasnX0tzkSE5t6NYV6HDbHRYcHJEG2b
BWwYRlTvgfK1sodYoCGs6IeJVD8nHIeflNgkn0WQIbOznJjmBjgXXGGdj0XPDDuD
l3p+edOWn0U=
=GeG5
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0224-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0224
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source:
sudo-1.8.19p2-12.el7_4.2.src.rpm
x86_64:
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source:
sudo-1.8.19p2-12.el7_4.2.src.rpm
ppc64le:
sudo-1.8.19p2-12.el7_4.2.ppc64le.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm
x86_64:
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source:
sudo-1.8.19p2-12.el7_4.2.src.rpm
x86_64:
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64:
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le:
sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm
sudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm
x86_64:
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.4):
x86_64:
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBB1htzjgjWX9erEAQjwNQ/9HBoqYFsK25G0+2QKqO2FTwr0G7P5gx3n
93VL0desDcpNXLdd4lwWcx1gAQkKSiYtMyFl5JdrqTznudDPo/V4dPBbPl3hkIr8
zGiiKTDErT2MeCm5T4RXJVFzCCJA78io7MENH0Wr0SVTybjljKs1m06egY120kC0
ax3v92dap0K6KNAlVLscRzc2p0veauF+cfpk+5+Zomzw89QRTrWYt7BBxUxFsk2u
sS0t9cmT3UURXjsqdDjMmilxWbqmKzKePhWeCfu8zBNc+TacLSXBqZmPgSlB1V5U
WTzSNIu3AGSpcniqcx0It4ncfmwGfmmekQ0U4ZTBLkM+fr7krikFiBFsf+jPaqvn
PNFdJY318EAJWxzRGhf9UunlMVYrimjjNxqMU1LVIxIhRzQEi0BhlMIcFjIZp0UN
Pa1nqJ0YKZbZ/+vvqzd6c6lALjsYBSOhkEpmr0ZivaXl1wIPB4cZ4yrKjMlO0DsP
qsG4YmwIq+pl85wH4dPA2TG7mMF4CdWYvykUQlVfYSlGAXAllGaeNDAnySfi/FWE
zXTdkjxc9uHojrhfUtX5pDoflFWoerbbaLK//fCTFuULhKfAhe5QidiCiU+LpFb2
aM23SHk+HZm8LnC2KM0fe0VzSk9fHWgOYXHx0iOYsqwRzHwe+d+AJ4bZkKxf2/pT
/eC3svyPRxA=
=fsAW
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0225-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0225
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.3
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source:
sudo-1.8.6p7-23.el7_3.3.src.rpm
x86_64:
sudo-1.8.6p7-23.el7_3.3.x86_64.rpm
sudo-debuginfo-1.8.6p7-23.el7_3.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.3):
x86_64:
sudo-debuginfo-1.8.6p7-23.el7_3.3.i686.rpm
sudo-debuginfo-1.8.6p7-23.el7_3.3.x86_64.rpm
sudo-devel-1.8.6p7-23.el7_3.3.i686.rpm
sudo-devel-1.8.6p7-23.el7_3.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBBxitzjgjWX9erEAQiIOw//ZhCQyJ4CAalmMYYpRBkEW6ZsnObixXFL
mPVmkjsFXf0vljYDmA2DYcqdiO6WKwLTio8yUeXYrUUkl1ybKf8KWxIr0fZ9P/pD
XGGwrDKM7WCTFLTohc+pJl2LeLHz0zB5lQCaYJT/mHcsvvRjW192e1WvvzCSU3cj
3ZvDOCOU5x3LvdbSaq6mui8CmwUvyy8KPGKsCi1/5yR24o4lC6yCjeU1vsbrcxM4
h6WozPk46TTZBkp/q5ulsnIahqWWeFDL7XyFdFEnV8EoiU+88TDHmtOzyoHHSlhC
ouim+tgMEos2fcyIpClzmbRhULXmvVVMLaOZqwSmA8mBkgB+4NkNcHcE40WSX1rr
qzP7F3abA1G8vqX2rBdxzToz9TnpLG1Bd8uTB+lCbEeAuVD34XWuIsaANg5LdOSz
/DVL/EAB04yA8lbMNszzLmCEvtf9d45QzibKSCPsq5LpZRzbexhOPCPM5jn0qTZS
7l2ztp2SvJhq6UqzLMyz+FfoPkIGUdkk1R3mMT2XK/ZF//hQQD9LU75bdSsa1Dy8
5tTFap/xrhJQ91fzPYLljhzGniVbYXK6UwMNjH+dGHuOH5v5nyXrWRIvZ306JIzw
iWHTlwHm9mgVcmIElstbLqrVnrpUQoFJa3jK90bYQ6+F7cdS+eBGN4zhwdW5fBRN
dKmeFzklq9w=
=6+Ou
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0226-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0226
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source:
sudo-1.8.6p7-17.el7_2.3.src.rpm
x86_64:
sudo-1.8.6p7-17.el7_2.3.x86_64.rpm
sudo-debuginfo-1.8.6p7-17.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64:
sudo-debuginfo-1.8.6p7-17.el7_2.3.i686.rpm
sudo-debuginfo-1.8.6p7-17.el7_2.3.x86_64.rpm
sudo-devel-1.8.6p7-17.el7_2.3.i686.rpm
sudo-devel-1.8.6p7-17.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBBuftzjgjWX9erEAQhMvw//bFNABGm9rbTjaz82JevupvwJHOPyb1lg
sjTNW2x6YlUFH22bEgMgZSHmpuQ69Jca5yrLZkoaDQW/81S1haCvU7hSqE7kvDX9
/Q3GBJnV5ZRxPFI0abWNOV21PAuiSirR99EMB5Yq4o5FCzPkI5i+uIYLnrkdW2+J
DPPXiIIt6kAj0k4A+tLRCLkyPbemHz8BIU2M9xUEvsAvs/YAv7lMce+lM7g2CAPx
SXnsFejr9iNTTplf9mRGiANTP70ATsZc/6zhz8SiHuCDeF8QmnCQZg+xXVkG5jSY
GgGy8zoNWOaTVkY+vPPP7hEo4Vt7QN+dvGn+13ELQQKdxqd68NSE4UcyX3FCEZ1y
xS6TRGL2k6Uo2qETkzySx6mjAzlacxoMOwVKnGGjkN0Q0+D8AoluLVDUpaJHRnSU
mVhDOoY6N9fRhbptzPoKxW/5hCb4ntxtM3extuU33kMSDp44xHX9oF0KzHbPuODq
PuV2BF2wdfrImlEUo+yDioA39uRyaYfuc47xtLhzRutfSNyuv62IPiJmk/5bNgcR
hI96vucAauFa82M9cRVXPn7mhEWikH7e6VY16hVPWzMSYBt46mKVrC0uzoaXjf9q
CgHbYBhCpVCcpW2DemiTD1Eu4mV+ifNJDGoRUlWpcYdeSERN88esibKABJpGf6nH
WsI4aXE4VzQ=
=mziT
- -----END PGP SIGNATURE-----
- -----------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0227-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0227
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================
1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 6 Extended
Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64
3. Description:
The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.
Security Fix(es):
* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
6. Package List:
Red Hat Enterprise Linux Server (v. 6 ELS):
Source:
sudo-1.8.6p3-29.el6_10.4.src.rpm
i386:
sudo-1.8.6p3-29.el6_10.4.i686.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm
s390x:
sudo-1.8.6p3-29.el6_10.4.s390x.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.s390x.rpm
x86_64:
sudo-1.8.6p3-29.el6_10.4.x86_64.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6 ELS):
i386:
sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm
sudo-devel-1.8.6p3-29.el6_10.4.i686.rpm
s390x:
sudo-debuginfo-1.8.6p3-29.el6_10.4.s390.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.s390x.rpm
sudo-devel-1.8.6p3-29.el6_10.4.s390.rpm
sudo-devel-1.8.6p3-29.el6_10.4.s390x.rpm
x86_64:
sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.x86_64.rpm
sudo-devel-1.8.6p3-29.el6_10.4.i686.rpm
sudo-devel-1.8.6p3-29.el6_10.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYBBzLtzjgjWX9erEAQiH8Q//e7VIVRc7bpBJ5UglhZdYAPZOj2ZL4zmz
NXeQXgm+/FcWL43s6sap6Z1n6nbFG/ONyusXlXEgBEp5W/P0DBRYeZBpP8RgpeWb
48YUvvAkWhVJHuI+iHbpdzVq8YvujPTgiilX/NWH2Rg1zlX5nt1P+iDkICzw5vej
/HfrYVXJ2hv082vc3Vmw5cw/zXUcnjxV/3f6Nw90TOr8JAW3jt8nWaj23NEVPxZK
KxQIg1V+hY8xoePo6ieYAqSG/Z+P5uPcLesM1B0quW3yn5Zj2R22EKu9VLCZxx+Q
EaJcODlMSKjliOPUiWCEzZFvE35v2yxeLtH1J1PG5btu1yQ0VUP7DdAjnEIxcJHw
CjkcrXFvh9cg7iL3KzzhUwaJoqWgKtdianBXl/OGZ+g/yjUJktP6oizr9e4mZs2B
XllYFth8vCxQMFApcg0w8qJroL0mDThFKKFxNy6Hp12+uzGVu3axuiGx4lHHIMyY
PTf9kbTROKA9o7ZpdEwzyNzM0q45SsR8bl3JUOn1nNu1abwlDDWcJNIM7Et801V4
ECXnCq9fZtKlfo9baBNjOZTM3vNMgpEdjaEnoUY2Nbs7VAfixq6nU+afBvYnRYip
Xmr76L401Nt9AGZwsFgcnIij7TBsHqMBZc/dlQZOom0xcFnEBMXr5Otg+WEXpxSC
Wa2r4ztj/s4=
=vUic
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYBCwkONLKJtyKPYoAQiJqw//YTkQV0dLlzeHExRZkBpPXQpFN0HqBTZo
Np9m/kVhwb+gtt61oR5AotA0czuRWU1Pjuu4yVvP+UDcpu4V3g3a4msT2TzfbxYz
mxPyghBSfXf8ZDxxqHg+sxVsjwaGwYMcj/gloluOz1ovKhHnHS7mvkkWkzh+rqo9
4iDcpGalC4YN3nenZBZ0AVRWTFtQxnDF/KFlFuGm+Wi7j2BWw3iuRGj7zz65Agf3
DXa8v+n92fyq2DHio9MPBHppjup1nnxAc5A8BKmgZ92FN51I6VyRXTHnhJYB7ytZ
S9uecyFizGZi4XqQVMBTMuxu1+Y1IG+5tAgNleG1myFfLZGA9FZ59xuL2kCgw2av
gKg/VTWuEoXgiiBUXW2xbgCwjbkA+727adXORxpd+PWftuIsEwYR4VJkMD9yQLGT
cRWn+/G4ciCzRg2k8zVacZl5ykpIasrOAh5L5httPfxWNcB4Ft3vil1omjyQpvJI
8qr6iusrXeU8kf9Cz3rlvD3wCDbF01gdxlMBxWS7/xUeVq/XCRfnKPPDx/Bx3f+7
Yi0JhtrUPCHu8Wba+oEI5CbM8UL0b7LEZ/YN/I+1ZUvvb7VdmlsB+MecCy3zyFJZ
99C4nBDuoBzMXFI4Pi7KXujOValkzd4VM3nNuHZutbJsmJEOTKuvPRFk6FOC1oe0
en8h0gUAXKY=
=zpcj
-----END PGP SIGNATURE-----