Security update for sudo SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0169-1 Final 1 1 2021-01-27T07:24:44Z current 2021-01-27T07:24:44Z 2021-01-27T07:24:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sudo This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-169 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7OQJUG5Z7K425IKZS5GT4KPIBGTT4JMW/ E-Mail link for openSUSE-SU-2021:0169-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180684 SUSE Bug 1180684 https://bugzilla.suse.com/1180685 SUSE Bug 1180685 https://bugzilla.suse.com/1180687 SUSE Bug 1180687 https://bugzilla.suse.com/1181090 SUSE Bug 1181090 https://www.suse.com/security/cve/CVE-2021-23239/ SUSE CVE CVE-2021-23239 page https://www.suse.com/security/cve/CVE-2021-23240/ SUSE CVE CVE-2021-23240 page https://www.suse.com/security/cve/CVE-2021-3156/ SUSE CVE CVE-2021-3156 page openSUSE Leap 15.1 sudo-1.8.22-lp151.5.12.1 sudo-devel-1.8.22-lp151.5.12.1 sudo-test-1.8.22-lp151.5.12.1 sudo-1.8.22-lp151.5.12.1 as a component of openSUSE Leap 15.1 sudo-devel-1.8.22-lp151.5.12.1 as a component of openSUSE Leap 15.1 sudo-test-1.8.22-lp151.5.12.1 as a component of openSUSE Leap 15.1 The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239 openSUSE Leap 15.1:sudo-1.8.22-lp151.5.12.1 openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.12.1 openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.12.1 low 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7OQJUG5Z7K425IKZS5GT4KPIBGTT4JMW/ https://www.suse.com/security/cve/CVE-2021-23239.html CVE-2021-23239 https://bugzilla.suse.com/1171722 SUSE Bug 1171722 https://bugzilla.suse.com/1180684 SUSE Bug 1180684 selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. CVE-2021-23240 openSUSE Leap 15.1:sudo-1.8.22-lp151.5.12.1 openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.12.1 openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.12.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7OQJUG5Z7K425IKZS5GT4KPIBGTT4JMW/ https://www.suse.com/security/cve/CVE-2021-23240.html CVE-2021-23240 https://bugzilla.suse.com/1171722 SUSE Bug 1171722 https://bugzilla.suse.com/1180685 SUSE Bug 1180685 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVE-2021-3156 openSUSE Leap 15.1:sudo-1.8.22-lp151.5.12.1 openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.12.1 openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.12.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7OQJUG5Z7K425IKZS5GT4KPIBGTT4JMW/ https://www.suse.com/security/cve/CVE-2021-3156.html CVE-2021-3156 https://bugzilla.suse.com/1180684 SUSE Bug 1180684 https://bugzilla.suse.com/1181090 SUSE Bug 1181090 https://bugzilla.suse.com/1181506 SUSE Bug 1181506 https://bugzilla.suse.com/1181657 SUSE Bug 1181657 https://bugzilla.suse.com/1183936 SUSE Bug 1183936 https://bugzilla.suse.com/1218863 SUSE Bug 1218863 https://bugzilla.suse.com/1225623 SUSE Bug 1225623