CVE 2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Related bugs and status
CVE-2021-3156 (Candidate) is related to these bugs:
Bug #1887438: Controller-0 Not Ready after force rebooting active controller (Controller-1)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887438 | Controller-0 Not Ready after force rebooting active controller (Controller-1) | StarlingX | Medium | Fix Released | ||
Bug #1887677: stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887677 | stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers | StarlingX | Medium | Fix Released | ||
Bug #1900920: pods do not get restarted in an AIO-DX system
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1900920 | pods do not get restarted in an AIO-DX system | StarlingX | Medium | Fix Released | ||
Bug #1901449: DC: rbd mounted devices becomes read only after enabling https on system controller
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1901449 | DC: rbd mounted devices becomes read only after enabling https on system controller | StarlingX | Medium | Fix Released | ||
Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1915050 | IPv6: All hosts remain offline after booting off the controller-0 | StarlingX | Critical | Fix Released | ||
Bug #1915951: Shared NIC: System doesn't retain the rate-limit config when a pod is deleted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1915951 | Shared NIC: System doesn't retain the rate-limit config when a pod is deleted | StarlingX | Medium | Fix Released | ||
Bug #1916946: CVE-2021-3156 sudo privilege escalation
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1916946 | CVE-2021-3156 sudo privilege escalation | StarlingX | Medium | Fix Released | ||
Bug #1917308: Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917308 | Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller | StarlingX | Critical | Fix Released | ||
Bug #1917781: Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917781 | Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv | StarlingX | Low | Fix Released | ||
Bug #1918139: On AIO hosts, kuberenetes is starting before key resources are initialized
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1918139 | On AIO hosts, kuberenetes is starting before key resources are initialized | StarlingX | Medium | Fix Released | ||
Bug #1920245: drbd filesystems not resized during bootstrap
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1920245 | drbd filesystems not resized during bootstrap | StarlingX | Medium | Fix Released | ||
Bug #1923665: No LLDP information available for Fortville i40e NIC
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1923665 | No LLDP information available for Fortville i40e NIC | StarlingX | Medium | Fix Released | ||
Bug #1924579: armada-api container not using the correct user
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924579 | armada-api container not using the correct user | StarlingX | Low | Fix Released | ||
Bug #1924686: systemd excessively reads mountinfo and udev in dense container environments
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924686 | systemd excessively reads mountinfo and udev in dense container environments | StarlingX | Medium | Fix Released | ||
Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924691 | systemd sends tons of useless PropertiesChanged messages when a mount happens | StarlingX | Medium | Fix Released | ||
Bug #1926591: Unlock fails after restore when trying to resize docker-lv fs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1926591 | Unlock fails after restore when trying to resize docker-lv fs | StarlingX | High | Fix Released | ||
Bug #1927153: intel-fpga/intel-gpu/intel-qat: docker images build errors
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1927153 | intel-fpga/intel-gpu/intel-qat: docker images build errors | StarlingX | Medium | Fix Released | ||
Bug #1927730: Secure boot via pxeboot fails with updated grub2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1927730 | Secure boot via pxeboot fails with updated grub2 | StarlingX | High | Fix Released | ||
Bug #1928018: AIO-SX: armada pod stuck in Unknown after host-lock/unlock
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928018 | AIO-SX: armada pod stuck in Unknown after host-lock/unlock | StarlingX | Medium | Fix Released | ||
Bug #1928141: AIO-SX upgrade_platform playbook fails waiting for armada-api pod
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928141 | AIO-SX upgrade_platform playbook fails waiting for armada-api pod | StarlingX | Medium | Fix Released | ||
Bug #1928934: Storage-services loss of redundancy after lock/unlock of standby controller
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928934 | Storage-services loss of redundancy after lock/unlock of standby controller | StarlingX | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
