Source: sudo Version: 1.8.29-1 Severity: important Tags: security upstream Control: found -1 1.8.27-1+deb10u1 Control: found -1 1.8.27-1 Control: found -1 1.8.19p1-2.1+deb9u1 Control: found -1 1.8.19p1-2.1
Hi, The following vulnerability was published for sudo. CVE-2019-18634[0]: | In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users | can trigger a stack-based buffer overflow in the privileged sudo | process. (pwfeedback is a default setting in Linux Mint and elementary | OS; however, it is NOT the default for upstream and many other | packages, and would exist only if enabled by an administrator.) The | attacker needs to deliver a long string to the stdin of getln() in | tgetpass.c. Note that a change in 1.8.26 itself[4] made the bug unexploitable starting from that version, but the issue itself is fixed upstream in 1.8.31. Could you please close this bug once sudo is rebased in unstable to 1.8.31 or the bugfix still cherry-picked? If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-18634 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634 [1] https://www.sudo.ws/alerts/pwfeedback.html [2] https://www.openwall.com/lists/oss-security/2020/01/30/6 [3] https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078 [4] https://www.openwall.com/lists/oss-security/2020/01/31/1 Regards, Salvatore

