[bitfolk] Local privilege escalation bug in sudo - update no…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Author: Andy Smith
Date:  
To: users
Subject: [bitfolk] Local privilege escalation bug in sudo - update now (CVE-2021-3156)

Reply to this message
gpg: Signature made Tue Jan 26 19:58:34 2021 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

Most (all?) versions of sudo have a bug where local unprivileged user
can get root access: 

    https://www.openwall.com/lists/oss-security/2021/01/26/3


Updates are already out for most distributions that are still
receiving security updates. If yours isn't then you might want to
remove sudo (and think about an upgrade).

This is CVE-2021-3156.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] CBL DNSBL has gone away[bitfolk] port 500 UDP->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)