Upgrade sudo to 1.9.5p2 version due to CVE-2021-3156 vulnerability
Solution 1
This vulnerability was mitigated by the Ubuntu Security Team on 19 January 2021.
See https://ubuntu.com/security/CVE-2021-3156.
sudo 1.8.31 was patched, which is the normal way of handling most CVEs. The Ubuntu 20.04 package was bumped from 1.8.31-1ubuntu1.1 to 1.8.31-1ubuntu1.2 due to the patches. The 20.04 package won't be upgraded to 1.9.x.
Most users already have the patched version installed: Security updates are automatically detected and installed by your Ubuntu system's Unattended Upgrades application without any user action needed.
How to determine if you are using the patched package: Since this was a patch instead of a new upstream release, sudo --version will merely (and correctly) return 1.18.31 which won't help you. Instead, use apt. Here's an example using apt list. Note the NEW package version (1.8.31-1ubuntu1.2) is installed.
$ apt list sudo
Listing... Done
sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.2 amd64 [installed]
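The check described in the answer above, as an added example that is not part of the original answer: it compares the installed package version against the fixed version instead of reading `sudo --version`. The function names are hypothetical, and the only fixed version it knows is the 20.04 value quoted on this page.

```shell
#!/bin/sh
# Fixed package version per Ubuntu release codename. Only the 20.04 (focal)
# value is given on this page; look up other releases at
# https://ubuntu.com/security/CVE-2021-3156 and add them here.
fixed_version_for() {
    case $1 in
        focal) echo '1.8.31-1ubuntu1.2' ;;
        *) return 1 ;;
    esac
}

# ver_ge A B: succeed if package version A is at or above B.
ver_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for hosts without dpkg: GNU sort -V approximates the ordering.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# sudo_patch_status VERSION CODENAME: prints patched, vulnerable or unknown.
# "unknown" means no fixed version is recorded for that release, which is
# not the same as vulnerable.
sudo_patch_status() {
    fixed=$(fixed_version_for "$2") || { echo unknown; return 0; }
    if ver_ge "$1" "$fixed"; then echo patched; else echo vulnerable; fi
}

# check_local_sudo: read the installed version and release from this machine.
check_local_sudo() {
    version=$(dpkg-query -W -f='${Version}' sudo 2>/dev/null) || version=''
    codename=$( [ -r /etc/os-release ] && . /etc/os-release && echo "$VERSION_CODENAME" ) || codename=''
    [ -n "$version" ] || { echo unknown; return 0; }
    sudo_patch_status "$version" "$codename"
}

# Constructed inputs using the two 20.04 package versions named in the answer.
sudo_patch_status 1.8.31-1ubuntu1.2 focal   # patched
sudo_patch_status 1.8.31-1ubuntu1.1 focal   # vulnerable
```

Call check_local_sudo on the machine being checked; it reads the version with dpkg-query rather than parsing apt list output, which apt does not keep stable for scripts.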
Solution 2
To check whether sudo is vulnerable to CVE-2021-3156 the maintainers recommend doing:
sudoedit -s '\' `perl -e 'print "A" x 65536'`
If sudo is patched, it will respond with an error that starts with “usage:”.
Lochness
Updated on September 18, 2022
Comments
-
Lochness almost 2 years
How do I upgrade sudo to version 1.9.5p2? I use Ubuntu 20.04. I have already tried:
sudo apt-get update
sudo apt-get upgrade
But I am still on version 1.8.31.
-
raj over 3 years
This command is the command that upstream sudo maintainers recommend as a method to check whether sudo is vulnerable to CVE-2021-3156 or not: sudo.ws/alerts/unescape_overflow.html
-
user535733 over 3 years
That explanation should be in the answer. We don't want folks to misunderstand and think this code applies to all patched software everywhere.
-
dr0i over 3 years
Took explanation of @raj into the answer.
-
Matrix over 3 years
apt list sudo
En train de lister... Fait
sudo/groovy,now 1.9.1-1ubuntu1 amd64 [installé]
sudo/groovy 1.9.1-1ubuntu1 i386
I don't have 1.2 version, so it's not patched?
-
user535733 over 3 years
@Matrix you are obviously not running 20.04, so the version numbers will be different, of course. 1) Use the link. Look up the correct version for your release of Ubuntu. 2) Determine if you are using that package. If not, then run sudo apt update and sudo apt upgrade. If you still have a problem after that, then see askubuntu.com/questions/563408/…