This is an old revision of the document!


Slackware-14.2 ChangeLog (2021-01-26)

Tue Jan 26 21:20:58 UTC 2021

  • patches/packages/sudo-1.9.5p2-i586-1_slack14.2.txz
    When invoked as sudoedit, the same set of command line options
    are now accepted as for “sudo -e”. The -H and -P options are
    now rejected for sudoedit and “sudo -e” which matches the sudo
    1.7 behavior. This is part of the fix for CVE-2021-3156.
    Fixed a potential buffer overflow when unescaping backslashes
    in the command's arguments. Normally, sudo escapes special
    characters when running a command via a shell (sudo -s or sudo
    -i). However, it was also possible to run sudoedit with the -s
    or -i flags in which case no escaping had actually been done,
    making a buffer overflow possible. This fixes CVE-2021-3156.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
    (* Security fix *)
  • news/2021/01/26/slackware-14.2-changelog.1611758705.txt.gz
  • Last modified: 3 years ago
  • by Giuseppe Di Terlizzi