How do I upgrade sudo to version 1.9.5p2? I use Ubuntu 20.04. I have already tried:
sudo apt-get update
sudo apt-get upgrade
But I am still on version 1.8.31.
Asked
Active
Viewed 1.2k times
15
BeastOfCaerbannog
- 16,703
Lochness
- 171
2 Answers
23
This vulnerability was mitigated by the Ubuntu Security Team on 19 January 2021.
See https://ubuntu.com/security/CVE-2021-3156.
sudo 1.8.31 was patched, which is the normal way of handling most CVEs. The Ubuntu 20.04 package was bumped from 1.8.31-1ubuntu1.1 to 1.8.31-1ubuntu1.2 due to the patches. The 20.04 package won't be upgraded to 1.9.x.
Most users already have the patched version installed: Security updates are automatically detected and installed by your Ubuntu system's Unattended Upgrades application without any user action needed.
How to determine if you are using the patched package: Since this was a patch instead of a new upstream release, sudo --version will merely (and correctly) return 1.18.31 which won't help you. Instead, use apt. Here's an example using apt list. Note the NEW package version (1.8.31-1ubuntu1.2) is installed.
$ apt list sudo
Listing... Done
sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.2 amd64 [installed]
user535733
- 68,493
8
To check whether sudo is vulnerable to CVE-2021-3156 the maintainers recommend doing:
sudoedit -s '\' `perl -e 'print "A" x 65536'`
If the sudo is patched it will respond with an error that starts with “usage:”.
dr0i
- 249
- 1
- 8