[arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)
g.schlisio at dukun.de
Fri Jan 29 17:32:02 UTC 2021
Am 29.01.2021 18:20, schrieb Łukasz Michalski via arch-general:
> Just checked my servers and all were vulnerable:
> [zork at archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
> malloc(): corrupted top size
> Aborted (core dumped)
> Updating to the latest version (sudo-1.9.5.p2-1) closed this
> vulnerability. Maybe this should be posted as arch news message?
There has been an ASA on arch-security  on top of huge press
coverage, that should suffice.
More information about the arch-general