2021-01-27 sudo security release: Buffer overflow in command line unescaping
On January 26, the Sudo developers released a new sudo utility version that contains a security fix. It is highly recommended to upgrade the sudo package in your system to this latest version.
Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected by the sudo unescape overflow issue (CVE-2021-3156).
The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.
Some of the Bitnami solutions includes sudo as system package, run these commands to fix this vulnerability in your system:
Ubuntu / Debian
$ sudo apt-get update && sudo apt-get install sudo
CentOS / Amazon Linux
$ sudo yum update sudo
Find more information about this issue in the Sudo official post.
The Bitnami is working to release new versions of the affected applications for all the supported platforms (virtual machines, cloud images, containers and Helm Charts).
[2021-02-02] All applications affected by this security issue has been released in the different supported platforms
[2021-01-29] 95.54% cloud images for Azure, 99.19% for VMware, 100% for Google, and 98.68% for AWS have been built
[2021-01-28] 100% of containers & Helm Charts have been already released. 35.22% cloud images for Azure, 53.97% for VMware, 98.80% for Google, and 59.49% for AWS have been built.
If you have any questions about this security issue, please post it in our community forum in the case of cloud images, installers or VMs, or via GitHub issues in the case of Helm Charts and containers.