===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0281
sudo security update
27 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: sudo
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Root Compromise -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3156

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0218
https://access.redhat.com/errata/RHSA-2021:0219
https://access.redhat.com/errata/RHSA-2021:0220
https://access.redhat.com/errata/RHSA-2021:0221
https://access.redhat.com/errata/RHSA-2021:0222
https://access.redhat.com/errata/RHSA-2021:0223
https://access.redhat.com/errata/RHSA-2021:0224
https://access.redhat.com/errata/RHSA-2021:0225
https://access.redhat.com/errata/RHSA-2021:0226
https://access.redhat.com/errata/RHSA-2021:0227

Comment: This bulletin contains ten (10) Red Hat security advisories. This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running sudo check for an updated version of the software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0218-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0218
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
sudo-1.8.29-6.el8_3.1.src.rpm

aarch64:
sudo-1.8.29-6.el8_3.1.aarch64.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.aarch64.rpm
sudo-debugsource-1.8.29-6.el8_3.1.aarch64.rpm

ppc64le:
sudo-1.8.29-6.el8_3.1.ppc64le.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.ppc64le.rpm
sudo-debugsource-1.8.29-6.el8_3.1.ppc64le.rpm

s390x:
sudo-1.8.29-6.el8_3.1.s390x.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.s390x.rpm
sudo-debugsource-1.8.29-6.el8_3.1.s390x.rpm

x86_64:
sudo-1.8.29-6.el8_3.1.x86_64.rpm
sudo-debuginfo-1.8.29-6.el8_3.1.x86_64.rpm
sudo-debugsource-1.8.29-6.el8_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0219-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0219
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
sudo-1.8.29-5.el8_2.1.src.rpm

aarch64:
sudo-1.8.29-5.el8_2.1.aarch64.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.aarch64.rpm
sudo-debugsource-1.8.29-5.el8_2.1.aarch64.rpm

ppc64le:
sudo-1.8.29-5.el8_2.1.ppc64le.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.ppc64le.rpm
sudo-debugsource-1.8.29-5.el8_2.1.ppc64le.rpm

s390x:
sudo-1.8.29-5.el8_2.1.s390x.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.s390x.rpm
sudo-debugsource-1.8.29-5.el8_2.1.s390x.rpm

x86_64:
sudo-1.8.29-5.el8_2.1.x86_64.rpm
sudo-debuginfo-1.8.29-5.el8_2.1.x86_64.rpm
sudo-debugsource-1.8.29-5.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0220-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0220
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
sudo-1.8.25p1-8.el8_1.2.src.rpm

aarch64:
sudo-1.8.25p1-8.el8_1.2.aarch64.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.aarch64.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.aarch64.rpm

ppc64le:
sudo-1.8.25p1-8.el8_1.2.ppc64le.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.ppc64le.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.ppc64le.rpm

s390x:
sudo-1.8.25p1-8.el8_1.2.s390x.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.s390x.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.s390x.rpm

x86_64:
sudo-1.8.25p1-8.el8_1.2.x86_64.rpm
sudo-debuginfo-1.8.25p1-8.el8_1.2.x86_64.rpm
sudo-debugsource-1.8.25p1-8.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0221
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
sudo-1.8.23-10.el7_9.1.src.rpm

x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
sudo-1.8.23-10.el7_9.1.src.rpm

x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
sudo-1.8.23-10.el7_9.1.src.rpm

ppc64:
sudo-1.8.23-10.el7_9.1.ppc64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm

ppc64le:
sudo-1.8.23-10.el7_9.1.ppc64le.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm

s390x:
sudo-1.8.23-10.el7_9.1.s390x.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm

x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
sudo-debuginfo-1.8.23-10.el7_9.1.ppc.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm
sudo-devel-1.8.23-10.el7_9.1.ppc.rpm
sudo-devel-1.8.23-10.el7_9.1.ppc64.rpm

ppc64le:
sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm
sudo-devel-1.8.23-10.el7_9.1.ppc64le.rpm

s390x:
sudo-debuginfo-1.8.23-10.el7_9.1.s390.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm
sudo-devel-1.8.23-10.el7_9.1.s390.rpm
sudo-devel-1.8.23-10.el7_9.1.s390x.rpm

x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
sudo-1.8.23-10.el7_9.1.src.rpm

x86_64:
sudo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm
sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
sudo-devel-1.8.23-10.el7_9.1.i686.rpm
sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0222-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0222
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
sudo-1.8.23-4.el7_7.3.src.rpm

x86_64:
sudo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64:
sudo-debuginfo-1.8.23-4.el7_7.3.i686.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-devel-1.8.23-4.el7_7.3.i686.rpm
sudo-devel-1.8.23-4.el7_7.3.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
sudo-1.8.23-4.el7_7.3.src.rpm

ppc64:
sudo-1.8.23-4.el7_7.3.ppc64.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64.rpm

ppc64le:
sudo-1.8.23-4.el7_7.3.ppc64le.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64le.rpm

s390x:
sudo-1.8.23-4.el7_7.3.s390x.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.s390x.rpm

x86_64:
sudo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.7):

ppc64:
sudo-debuginfo-1.8.23-4.el7_7.3.ppc.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64.rpm
sudo-devel-1.8.23-4.el7_7.3.ppc.rpm
sudo-devel-1.8.23-4.el7_7.3.ppc64.rpm

ppc64le:
sudo-debuginfo-1.8.23-4.el7_7.3.ppc64le.rpm
sudo-devel-1.8.23-4.el7_7.3.ppc64le.rpm

s390x:
sudo-debuginfo-1.8.23-4.el7_7.3.s390.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.s390x.rpm
sudo-devel-1.8.23-4.el7_7.3.s390.rpm
sudo-devel-1.8.23-4.el7_7.3.s390x.rpm

x86_64:
sudo-debuginfo-1.8.23-4.el7_7.3.i686.rpm
sudo-debuginfo-1.8.23-4.el7_7.3.x86_64.rpm
sudo-devel-1.8.23-4.el7_7.3.i686.rpm
sudo-devel-1.8.23-4.el7_7.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0223-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0223
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source:
sudo-1.8.23-3.el7_6.2.src.rpm

x86_64:
sudo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64:
sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-devel-1.8.23-3.el7_6.2.i686.rpm
sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
sudo-1.8.23-3.el7_6.2.src.rpm

ppc64:
sudo-1.8.23-3.el7_6.2.ppc64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm

ppc64le:
sudo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm

s390x:
sudo-1.8.23-3.el7_6.2.s390x.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm

x86_64:
sudo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
sudo-1.8.23-3.el7_6.2.src.rpm

aarch64:
sudo-1.8.23-3.el7_6.2.aarch64.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm

ppc64le:
sudo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm

s390x:
sudo-1.8.23-3.el7_6.2.s390x.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64.rpm

ppc64le:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm

s390x:
sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
sudo-devel-1.8.23-3.el7_6.2.s390.rpm
sudo-devel-1.8.23-3.el7_6.2.s390x.rpm

x86_64:
sudo-debuginfo-1.8.23-3.el7_6.2.i686.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.x86_64.rpm
sudo-devel-1.8.23-3.el7_6.2.i686.rpm
sudo-devel-1.8.23-3.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
sudo-debuginfo-1.8.23-3.el7_6.2.aarch64.rpm
sudo-devel-1.8.23-3.el7_6.2.aarch64.rpm

ppc64le:
sudo-debuginfo-1.8.23-3.el7_6.2.ppc64le.rpm
sudo-devel-1.8.23-3.el7_6.2.ppc64le.rpm

s390x:
sudo-debuginfo-1.8.23-3.el7_6.2.s390.rpm
sudo-debuginfo-1.8.23-3.el7_6.2.s390x.rpm
sudo-devel-1.8.23-3.el7_6.2.s390.rpm
sudo-devel-1.8.23-3.el7_6.2.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2021:0224-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0224
Issue date: 2021-01-26
CVE Names: CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

3. Description:

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
sudo-1.8.19p2-12.el7_4.2.src.rpm

x86_64:
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
sudo-1.8.19p2-12.el7_4.2.src.rpm

ppc64le:
sudo-1.8.19p2-12.el7_4.2.ppc64le.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm

x86_64:
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
sudo-1.8.19p2-12.el7_4.2.src.rpm

x86_64:
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

ppc64le:
sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm
sudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm

x86_64:
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.4):

x86_64:
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- ---------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update
Advisory ID:       RHSA-2021:0225-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0225
Issue date:        2021-01-26
CVE Names:         CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.3
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64

3. Description:

The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.3):

Source:
sudo-1.8.6p7-23.el7_3.3.src.rpm

x86_64:
sudo-1.8.6p7-23.el7_3.3.x86_64.rpm
sudo-debuginfo-1.8.6p7-23.el7_3.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.3):

x86_64:
sudo-debuginfo-1.8.6p7-23.el7_3.3.i686.rpm
sudo-debuginfo-1.8.6p7-23.el7_3.3.x86_64.rpm
sudo-devel-1.8.6p7-23.el7_3.3.i686.rpm
sudo-devel-1.8.6p7-23.el7_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- ------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update
Advisory ID:       RHSA-2021:0226-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0226
Issue date:        2021-01-26
CVE Names:         CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64

3. Description:

The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
sudo-1.8.6p7-17.el7_2.3.src.rpm

x86_64:
sudo-1.8.6p7-17.el7_2.3.x86_64.rpm
sudo-debuginfo-1.8.6p7-17.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
sudo-debuginfo-1.8.6p7-17.el7_2.3.i686.rpm
sudo-debuginfo-1.8.6p7-17.el7_2.3.x86_64.rpm
sudo-devel-1.8.6p7-17.el7_2.3.i686.rpm
sudo-devel-1.8.6p7-17.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update
Advisory ID:       RHSA-2021:0227-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0227
Issue date:        2021-01-26
CVE Names:         CVE-2021-3156
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 6 Extended
Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:
sudo-1.8.6p3-29.el6_10.4.src.rpm

i386:
sudo-1.8.6p3-29.el6_10.4.i686.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm

s390x:
sudo-1.8.6p3-29.el6_10.4.s390x.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.s390x.rpm

x86_64:
sudo-1.8.6p3-29.el6_10.4.x86_64.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:
sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm
sudo-devel-1.8.6p3-29.el6_10.4.i686.rpm

s390x:
sudo-debuginfo-1.8.6p3-29.el6_10.4.s390.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.s390x.rpm
sudo-devel-1.8.6p3-29.el6_10.4.s390.rpm
sudo-devel-1.8.6p3-29.el6_10.4.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm
sudo-debuginfo-1.8.6p3-29.el6_10.4.x86_64.rpm
sudo-devel-1.8.6p3-29.el6_10.4.i686.rpm
sudo-devel-1.8.6p3-29.el6_10.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
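A patch-level check built from the fixed builds in the package lists of RHSA-2021:0224 to RHSA-2021:0227 above, as an added example that is not part of the bulletin or of Red Hat's tooling: it compares an installed sudo version-release with the fixed build for the host's stream, using rpm-style segment comparison instead of string comparison. The stream labels, status strings, function names and the inventory are assumptions of this example; epochs are assumed equal and `~`/`^` in versions are not handled.

```python
import re

# Fixed sudo builds (version-release) taken from the package lists of
# RHSA-2021:0224 to RHSA-2021:0227 in this bulletin, keyed by RHEL stream.
FIXED_BUILDS = {
    "7.4": "1.8.19p2-12.el7_4.2",
    "7.3": "1.8.6p7-23.el7_3.3",
    "7.2": "1.8.6p7-17.el7_2.3",
    "6 ELS": "1.8.6p3-29.el6_10.4",
}


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, in the
    style of rpm's rpmvercmp ('~' and '^' are not handled here)."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def patch_status(stream, installed_vr):
    """Classify an installed sudo 'version-release' for a given stream.
    Epochs are assumed equal (assumption of this example)."""
    fixed = FIXED_BUILDS.get(stream)
    if fixed is None:
        return "unknown-stream"
    ver_i, _, rel_i = installed_vr.partition("-")
    ver_f, _, rel_f = fixed.partition("-")
    # Fixes are backported, so a different upstream version says nothing
    # about CVE-2021-3156; only releases of the same base are comparable.
    if rpmvercmp(ver_i, ver_f) != 0:
        return "review"
    return "patched" if rpmvercmp(rel_i, rel_f) >= 0 else "needs-update"


# Constructed inventory (hostnames and installed builds are made up), as
# might be collected with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' sudo`.
INVENTORY = [
    ("db01", "7.4", "1.8.19p2-12.el7_4.2"),
    ("db02", "7.4", "1.8.19p2-11.el7_4"),
    ("app01", "7.3", "1.8.6p7-9.el7_3.1"),
    ("app02", "7.2", "1.8.23-10.el7"),
    ("old01", "6 ELS", "1.8.6p3-29.el6_10.4"),
]


def audit(inventory):
    """Return {hostname: status} for every (host, stream, build) entry."""
    return {host: patch_status(stream, vr) for host, stream, vr in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

The `app01` entry is the case a plain string comparison gets wrong: release `9` sorts after `23` lexically but is the older build.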