Am 29.01.2021 18:20, schrieb Łukasz Michalski via arch-general:
Hi,
Just checked my servers and all were vulnerable:
[zork@archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
malloc(): corrupted top size
Aborted (core dumped)
Updating to the latest version (sudo-1.9.5.p2-1) closed this
vulnerability. Maybe this should be posted as arch news message?
Regards,
Łukasz
There has been an ASA on arch-security [0] on top of huge press
coverage, that should suffice.
[0]
https://lists.archlinux.org/pipermail/arch-security/2021-January/001699.html
