MGASA-2021-0056

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0056.html

Import Source

https://advisories.mageia.org/MGASA-2021-0056.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0056

Related

CVE-2021-3156

Published

2021-01-27T00:40:21Z

Modified

2021-01-27T06:58:22Z

Summary

Updated sudo packages fix security vulnerability

Details

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug (CVE-2021-3156).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / sudo

Package

Name: sudo
Purl: pkg:rpm/mageia/sudo?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.5p2-1.mga7

Ecosystem specific

{
    "section": "core"
}