Upgrade sudo to 1.9.5p2 version due to CVE-2021-3156 vulnerability


Solution 1

This vulnerability was mitigated by the Ubuntu Security Team on 19 January 2021.

See https://ubuntu.com/security/CVE-2021-3156.

sudo 1.8.31 was patched, which is the normal way of handling most CVEs. The Ubuntu 20.04 package was bumped from 1.8.31-1ubuntu1.1 to 1.8.31-1ubuntu1.2 due to the patches. The 20.04 package won't be upgraded to 1.9.x.

Most users already have the patched version installed: Security updates are automatically detected and installed by your Ubuntu system's Unattended Upgrades application without any user action needed.

How to determine if you are using the patched package: Since this was a patch instead of a new upstream release, sudo --version will merely (and correctly) return 1.8.31, which won't help you. Instead, use apt. Here's an example using apt list. Note the NEW package version (1.8.31-1ubuntu1.2) is installed.

$ apt list sudo
Listing... Done
sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.2 amd64 [installed]
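A script version of that check, added here as an example and not part of the answer above: it reads the release codename from /etc/os-release and the installed package version from dpkg-query, then compares the package version (not the upstream 1.8.31 that sudo --version prints) against the fixed version for that release in Debian version ordering. Assumptions: the focal entry is the version quoted in the answer; the xenial, bionic and groovy entries are taken from USN-4705-1 and should be verified against the linked Ubuntu CVE page before relying on them; dpkg is used for the comparison when present, with sort -V as a fallback that agrees for these versions but is not a complete implementation of the Debian ordering.

```shell
#!/bin/sh
# Added example (not from the original answer): decide whether the installed
# sudo package already carries the CVE-2021-3156 fix on this Ubuntu release.

# Fixed package versions per release. focal is quoted in the answer; the
# others are from USN-4705-1 (assumption: verify against
# https://ubuntu.com/security/CVE-2021-3156 before relying on them).
fixed_sudo_version() {
    case "$1" in
        xenial) echo "1.8.16-0ubuntu1.9" ;;
        bionic) echo "1.8.21p2-3ubuntu1.4" ;;
        focal)  echo "1.8.31-1ubuntu1.2" ;;
        groovy) echo "1.9.1-1ubuntu1.1" ;;
        *)      return 1 ;;
    esac
}

# Succeed when package version $1 is >= $2 in Debian version ordering.
# dpkg is authoritative; the sort -V fallback agrees for the versions above
# but is not a full implementation (epochs and '~' suffixes differ).
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# Print "patched", "vulnerable" or "unknown" for release codename $1 and
# installed package version $2; exit status 0, 1 or 2 respectively.
sudo_patched() {
    sp_release=$1
    sp_installed=$2
    if ! sp_fixed=$(fixed_sudo_version "$sp_release"); then
        echo "unknown"
        return 2
    fi
    if version_ge "$sp_installed" "$sp_fixed"; then
        echo "patched"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# Live check of this host. The package version is used on purpose:
# 'sudo --version' only reports the upstream version and cannot show the fix.
main() {
    if [ ! -r /etc/os-release ] || ! command -v dpkg-query >/dev/null 2>&1; then
        echo "cannot determine release or package version on this host"
        return 0
    fi
    m_release=$(. /etc/os-release; echo "${VERSION_CODENAME:-}")
    m_installed=$(dpkg-query -W -f='${Version}' sudo 2>/dev/null || true)
    if [ -z "$m_installed" ]; then
        echo "sudo package is not installed"
        return 0
    fi
    m_verdict=$(sudo_patched "$m_release" "$m_installed" || true)
    echo "release=$m_release sudo=$m_installed verdict=$m_verdict"
}

main "$@"
```

Run it with sh on the host; a release that is not in the table prints "unknown", which means you look the fixed version up on the linked page rather than assume either way.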

Solution 2

To check whether sudo is vulnerable to CVE-2021-3156 the maintainers recommend doing:

 sudoedit -s '\' `perl -e 'print "A" x 65536'`

If sudo is patched it will respond with an error that starts with “usage:”.
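The same probe wrapped in a script that interprets the result, added here as an example and not part of the answer above. Assumptions: the 65536-byte argument is built with head and tr instead of perl (same length, same content); stdin is taken from /dev/null so the command cannot stop at a prompt; only output starting with "usage:" is taken as evidence of the fix, and anything else (an error message, a crash, no output) is reported as not proving it; the live probe only runs when the script is invoked with --run.

```shell
#!/bin/sh
# Added example (not from the original answer): run the upstream sudoedit
# probe for CVE-2021-3156 and interpret what it prints.

# 65536 'A' bytes, the same argument the perl one-liner in the answer builds.
probe_payload() {
    head -c 65536 /dev/zero | tr '\0' 'A'
}

# Classify the probe's output. A fixed sudoedit refuses the -s invocation and
# prints its usage text; anything else (an error, a segmentation fault, empty
# output) is not evidence that the fix is present.
classify_probe_output() {
    case "$1" in
        usage:*) echo "patched" ;;
        *)       echo "unpatched-or-unknown" ;;
    esac
}

# Run the probe when sudoedit is installed. stdin is /dev/null so it cannot
# block on a password prompt; stdout and stderr are captured together.
run_probe() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "sudoedit not found on this host" >&2
        return 2
    fi
    rp_out=$(sudoedit -s '\' "$(probe_payload)" 2>&1 </dev/null || true)
    classify_probe_output "$rp_out"
}

# Only probe the live system when asked for explicitly: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    run_probe
fi
```

As the comments below point out, this probe is specific to CVE-2021-3156 and says nothing about other sudo issues; it only tells you whether this particular argument handling has been fixed.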



Author: Lochness

Updated on September 18, 2022

Comments

  • Lochness almost 2 years

    How do I upgrade sudo to version 1.9.5p2? I use Ubuntu 20.04. I have already tried:

    sudo apt-get update 
    sudo apt-get upgrade
    

    But I am still on version 1.8.31.

  • raj over 3 years
    This command is the command that upstream sudo maintainers recommend as a method to check whether sudo is vulnerable to CVE-2021-3156 or not: sudo.ws/alerts/unescape_overflow.html
  • user535733 over 3 years
    That explanation should be in the answer. We don't want folks to misunderstand and think this code applies to all patched software everywhere.
  • dr0i over 3 years
    Took explanation of @raj into the answer.
  • Matrix over 3 years
    apt list sudo Listing... Done sudo/groovy,now 1.9.1-1ubuntu1 amd64 [installed] sudo/groovy 1.9.1-1ubuntu1 i386 I don't have the 1.2 version, so it's not patched?
  • user535733 over 3 years
    @Matrix you are obviously not running 20.04, so the version numbers will be different, of course. 1) Use the link. Look up the correct version for your release of Ubuntu. 2) Determine if you are using that package. If not, then run sudo apt update and sudo apt upgrade. If you still have a problem after that, then see askubuntu.com/questions/563408/…