Issued:: 2021-01-26
Updated:: 2021-01-26

RHSA-2021:0224 - Security Advisory

Overview
Updated Packages

Synopsis

Important: sudo security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Red Hat Enterprise Linux Server - TUS 7.4 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4 x86_64

Fixes

BZ - 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

CVEs

CVE-2021-3156

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
sudo-1.8.19p2-12.el7_4.2.src.rpm	SHA-256: 792247edd66efee38c44a6fccdaa982cf98cfc7c8ad3af009d32928ac48ff0b8
x86_64
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: 5587d640e5685a33a5ee96f8e9473f4b6008d459a920413bc21642ff75a072e2
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm	SHA-256: 2c2e62cd26a6bafe2f4a28e3c7b37dfc0c3d8174289bdf223c47485177d4d113
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b767c4ba73c043c13b3cffa990a869611b173a467d8f66dfca7dc3d00fa3f5b8
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b767c4ba73c043c13b3cffa990a869611b173a467d8f66dfca7dc3d00fa3f5b8
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm	SHA-256: 899e79a66e52db0c174218509562a098a0d3a535d069c250d262ce095e89cf17
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b6875101a6519c39a7e1798e8573ae2e40f2f07448a8228b76e9af2ebd6a61f0

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
sudo-1.8.19p2-12.el7_4.2.src.rpm	SHA-256: 792247edd66efee38c44a6fccdaa982cf98cfc7c8ad3af009d32928ac48ff0b8
x86_64
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: 5587d640e5685a33a5ee96f8e9473f4b6008d459a920413bc21642ff75a072e2
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm	SHA-256: 2c2e62cd26a6bafe2f4a28e3c7b37dfc0c3d8174289bdf223c47485177d4d113
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b767c4ba73c043c13b3cffa990a869611b173a467d8f66dfca7dc3d00fa3f5b8
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b767c4ba73c043c13b3cffa990a869611b173a467d8f66dfca7dc3d00fa3f5b8
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm	SHA-256: 899e79a66e52db0c174218509562a098a0d3a535d069c250d262ce095e89cf17
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b6875101a6519c39a7e1798e8573ae2e40f2f07448a8228b76e9af2ebd6a61f0

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4

SRPM
sudo-1.8.19p2-12.el7_4.2.src.rpm	SHA-256: 792247edd66efee38c44a6fccdaa982cf98cfc7c8ad3af009d32928ac48ff0b8
ppc64le
sudo-1.8.19p2-12.el7_4.2.ppc64le.rpm	SHA-256: 366209c5bda8da860804fad8f236f0630cdb73cb5ac022fb6a764c13e7a55bed
sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm	SHA-256: 6b5ae1e0a8521740f797a879e411a111b0774005776513429f908771a75b5cb3
sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm	SHA-256: 6b5ae1e0a8521740f797a879e411a111b0774005776513429f908771a75b5cb3
sudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm	SHA-256: 2b6c31223f301c47b50d6dbc5cedb9904302c494ee67fa8ce41eeed0b8896e03

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4

SRPM
sudo-1.8.19p2-12.el7_4.2.src.rpm	SHA-256: 792247edd66efee38c44a6fccdaa982cf98cfc7c8ad3af009d32928ac48ff0b8
x86_64
sudo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: 5587d640e5685a33a5ee96f8e9473f4b6008d459a920413bc21642ff75a072e2
sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm	SHA-256: 2c2e62cd26a6bafe2f4a28e3c7b37dfc0c3d8174289bdf223c47485177d4d113
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b767c4ba73c043c13b3cffa990a869611b173a467d8f66dfca7dc3d00fa3f5b8
sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b767c4ba73c043c13b3cffa990a869611b173a467d8f66dfca7dc3d00fa3f5b8
sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm	SHA-256: 899e79a66e52db0c174218509562a098a0d3a535d069c250d262ce095e89cf17
sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm	SHA-256: b6875101a6519c39a7e1798e8573ae2e40f2f07448a8228b76e9af2ebd6a61f0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation