Created attachment 221481 [details] sudo 1.9.5p1 fixes a setuid security vulnerbility introduced in 1.9.5 The priority is set to P1 due to the security exposure. Sudo version 1.9.5p1 is now available which fixes a bug introduced in sudo 1.9.5. Sudo 1.9.5 fixed several bugs, including CVE-2021-23239 and CVE-2021-23240 which have security implications. See below for details. Source: https://www.sudo.ws/dist/sudo-1.9.5p1.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p1.tar.gz SHA256 checksum: 4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882 MD5 checksum: 145f6e69c116f82cf0377ccf459344eb Binary packages: https://www.sudo.ws/download.html#binary For a list of download mirror sites, see: https://www.sudo.ws/download_mirrors.html Sudo web site: https://www.sudo.ws/ Sudo web site mirrors: https://www.sudo.ws/mirrors.html Major changes between sudo 1.9.5p1 and 1.9.5 * Fixed a regression introduced in sudo 1.9.5 where the editor run by sudoedit was set-user-ID root unless SELinux RBAC was in use. The editor is now run with the user's real and effective user-IDs.
A commit references this bug: Author: garga Date: Tue Jan 12 12:40:24 UTC 2021 New revision: 561323 URL: https://svnweb.freebsd.org/changeset/ports/561323 Log: security/sudo: Update to 1.9.5p1 This version fixes a regression introduced by 1.9.5 Changelog: https://www.sudo.ws/stable.html#1.9.5p1 PR: 252598 Submitted by: cy MFH: 2021Q1 Sponsored by: Rubicon Communications, LLC (Netgate) Changes: head/security/sudo/Makefile head/security/sudo/distinfo
A commit references this bug: Author: garga Date: Tue Jan 12 12:43:27 UTC 2021 New revision: 561325 URL: https://svnweb.freebsd.org/changeset/ports/561325 Log: MFH: r561259 r561323 Update 1.9.4p2 --> 1.9.5 PR: 252583 Submitted by: cy Reported by: cy Approved by: garga (maintainer) Security: CVE-2021-23239 security/sudo: Update to 1.9.5p1 This version fixes a regression introduced by 1.9.5 Changelog: https://www.sudo.ws/stable.html#1.9.5p1 PR: 252598 Submitted by: cy Sponsored by: Rubicon Communications, LLC (Netgate) Changes: _U branches/2021Q1/ branches/2021Q1/security/sudo/Makefile branches/2021Q1/security/sudo/distinfo