Debian 10260 Published by

A sudo security update has been released for Debian GNU/Linux 8 Extended LTS to address a heap-based buffer overflow vulnerability in sudo.



ELA-351-1 sudo security update

Package sudo

Version 1.8.10p3-1+deb8u8

Related CVEs CVE-2021-3156

The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.

For Debian 8 jessie, these problems have been fixed in version 1.8.10p3-1+deb8u8.

We recommend that you upgrade your sudo packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/ 

ELA-351-1 sudo security update