From the 1.9.5 changelog:

* Fixed CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location.

* Fixed CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support "protected symlinks", setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information see https://www.sudo.ws/alerts/sudoedit_selinux.html.
We're only vulnerable to the first using supported configurations.
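Added example, not part of the bug report and not sudo's actual fix: a C sketch of the check-then-use pattern behind the CVE-2021-23239 description, next to a variant that pins the parent directory with a descriptor. The function names and the /tmp sample paths are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use: stat() follows a symlink and the path is resolved again
 * when the file is created, so the parent can be swapped in between. */
static int parent_exists_by_path(const char *parent)
{
    struct stat sb;
    return stat(parent, &sb) == 0 && S_ISDIR(sb.st_mode);
}

/* Pin the parent: one open() that rejects a symlink as the final path
 * component (earlier components are not covered). Returns fd or -1. */
static int open_parent_pinned(const char *parent)
{
    return open(parent, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Create the file relative to the pinned descriptor, never by path. */
static int create_in_pinned(int dirfd, const char *name)
{
    return openat(dirfd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void)
{
    /* Constructed sample: a real directory and a symlink pointing at it. */
    char real[] = "/tmp/pin-demo-XXXXXX", lnk[64];
    if (mkdtemp(real) == NULL) return 1;
    snprintf(lnk, sizeof lnk, "%s.lnk", real);
    if (symlink(real, lnk) != 0) return 1;
    printf("by path, symlink:  %d\n", parent_exists_by_path(lnk));
    int fd = open_parent_pinned(lnk);
    printf("pinned, symlink:   %s\n", fd < 0 ? strerror(errno) : "opened");
    fd = open_parent_pinned(real);
    int nf = create_in_pinned(fd, "new.txt");
    printf("pinned, directory: fd=%d, file fd=%d\n", fd, nf);
    close(nf); unlinkat(fd, "new.txt", 0); close(fd);
    unlink(lnk); rmdir(real);
    return 0;
}
```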
amd64 done
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f914130fbe411b5a304579002e551c0a4edb19d6

commit f914130fbe411b5a304579002e551c0a4edb19d6
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-01-12 07:52:42 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-01-12 07:52:42 +0000

    app-admin/sudo: Bump to version 1.9.5_p1. Removed old

    Bug: https://bugs.gentoo.org/764986
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-admin/sudo/Manifest | 2 +-
 app-admin/sudo/{sudo-1.9.5.ebuild => sudo-1.9.5_p1.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
arm64 done
arm done
x86 done
hppa/sparc stable
ppc done
ppc64 done
Unable to check for sanity:

> no match for package: app-admin/sudo-1.9.5_p1
All sanity-check issues have been resolved
Unable to check for sanity:

> no match for package: app-admin/sudo-1.9.5_p1-r1
This issue was resolved and addressed in GLSA 202101-33 at https://security.gentoo.org/glsa/202101-33 by GLSA coordinator Sam James (sam_c).