Security update for sudo SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1275-1 Final 1 1 2021-04-20T12:32:02Z current 2021-04-20T12:32:02Z 2021-04-20T12:32:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sudo This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container ses/6/cephcsi/cephcsi:latest-2021-1275,Container ses/6/rook/ceph:latest-2021-1275,Container ses/7/cephcsi/cephcsi:latest-2021-1275,Container ses/7/rook/ceph:latest-2021-1275,SUSE-2021-1275,SUSE-SLE-Module-Basesystem-15-SP2-2021-1275,SUSE-SLE-Product-HPC-15-2021-1275,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1275,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1275,SUSE-SLE-Product-SLES-15-2021-1275,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1275,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1275,SUSE-SLE-Product-SLES_SAP-15-2021-1275,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1275,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1275,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1275,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1275,SUSE-SUSE-MicroOS-5.0-2021-1275,SUSE-Storage-6-2021-1275 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211275-1/ Link for SUSE-SU-2021:1275-1 https://lists.suse.com/pipermail/sle-security-updates/2021-April/008661.html E-Mail link for SUSE-SU-2021:1275-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1183936 SUSE Bug 1183936 https://www.suse.com/security/cve/CVE-2021-3156/ SUSE CVE CVE-2021-3156 page Container ses/6/cephcsi/cephcsi:latest Container ses/6/rook/ceph:latest Container ses/7/cephcsi/cephcsi:latest Container ses/7/rook/ceph:latest SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 sudo-1.8.22-4.18.1 sudo-devel-1.8.22-4.18.1 sudo-test-1.8.22-4.18.1 sudo-1.8.22-4.18.1 as a component of Container ses/6/cephcsi/cephcsi:latest sudo-1.8.22-4.18.1 as a component of Container ses/6/rook/ceph:latest sudo-1.8.22-4.18.1 as a component of Container ses/7/cephcsi/cephcsi:latest sudo-1.8.22-4.18.1 as a component of Container ses/7/rook/ceph:latest sudo-1.8.22-4.18.1 as a component of SUSE Enterprise Storage 6 sudo-devel-1.8.22-4.18.1 as a component of SUSE Enterprise Storage 6 sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Micro 5.0 sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server 15-LTSS sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server 15-LTSS sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 sudo-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 sudo-devel-1.8.22-4.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 sudo-1.8.22-4.18.1 as a component of SUSE Manager Proxy 4.0 sudo-devel-1.8.22-4.18.1 as a component of SUSE Manager Proxy 4.0 sudo-1.8.22-4.18.1 as a component of SUSE Manager Retail Branch Server 4.0 sudo-devel-1.8.22-4.18.1 as a component of SUSE Manager Retail Branch Server 4.0 sudo-1.8.22-4.18.1 as a component of SUSE Manager Server 4.0 sudo-devel-1.8.22-4.18.1 as a component of SUSE Manager Server 4.0 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVE-2021-3156 Container ses/6/cephcsi/cephcsi:latest:sudo-1.8.22-4.18.1 Container ses/6/rook/ceph:latest:sudo-1.8.22-4.18.1 Container ses/7/cephcsi/cephcsi:latest:sudo-1.8.22-4.18.1 Container ses/7/rook/ceph:latest:sudo-1.8.22-4.18.1 SUSE Enterprise Storage 6:sudo-1.8.22-4.18.1 SUSE Enterprise Storage 6:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:sudo-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:sudo-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:sudo-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:sudo-1.8.22-4.18.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise Micro 5.0:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise Server 15 SP1-BCL:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Server 15 SP1-BCL:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise Server 15 SP1-LTSS:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Server 15 SP1-LTSS:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise Server 15-LTSS:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Server 15-LTSS:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:sudo-devel-1.8.22-4.18.1 SUSE Linux Enterprise Server for SAP Applications 15:sudo-1.8.22-4.18.1 SUSE Linux Enterprise Server for SAP Applications 15:sudo-devel-1.8.22-4.18.1 SUSE Manager Proxy 4.0:sudo-1.8.22-4.18.1 SUSE Manager Proxy 4.0:sudo-devel-1.8.22-4.18.1 SUSE Manager Retail Branch Server 4.0:sudo-1.8.22-4.18.1 SUSE Manager Retail Branch Server 4.0:sudo-devel-1.8.22-4.18.1 SUSE Manager Server 4.0:sudo-1.8.22-4.18.1 SUSE Manager Server 4.0:sudo-devel-1.8.22-4.18.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211275-1/ https://www.suse.com/security/cve/CVE-2021-3156.html CVE-2021-3156 https://bugzilla.suse.com/1180684 SUSE Bug 1180684 https://bugzilla.suse.com/1181090 SUSE Bug 1181090 https://bugzilla.suse.com/1181506 SUSE Bug 1181506 https://bugzilla.suse.com/1181657 SUSE Bug 1181657 https://bugzilla.suse.com/1183936 SUSE Bug 1183936 https://bugzilla.suse.com/1218863 SUSE Bug 1218863 https://bugzilla.suse.com/1225623 SUSE Bug 1225623