Re: [arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

2021-01-29 Thread Jaron Kent-Dobias via arch-general
On Friday, 29 January 2021 at 18:20 (+0100), Łukasz Michalski via arch-general wrote:
> Maybe this should be posted as arch news message?

There was an announcement on the security list, attached.

Jaron

--- Begin Message ---
Arch Linux Security Advisory ASA-202101-25 =

Re: [arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

2021-01-29 Thread Georg via arch-general
On 29.01.2021 18:20, Łukasz Michalski via arch-general wrote:
> Hi, Just checked my servers and all were vulnerable:
> [zork@archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
> malloc(): corrupted top size
> Aborted (core dumped)
> Updating to the latest version (sudo-1.9.5.p2-1) closed this

Re: [arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

2021-01-29 Thread David Rosenstrauch via arch-general
On 1/29/21 12:20 PM, Łukasz Michalski via arch-general wrote:
> Hi, Just checked my servers and all were vulnerable:
> Updating to the latest version (sudo-1.9.5.p2-1) closed this vulnerability.
> Maybe this should be posted as arch news message?

It was already sent to the arch-security mailin

Re: [arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

2021-01-29 Thread Matt Compton via arch-general
I agree it should be a message. I'm curious though, about how often you update on the server side? By the time I got the announcement the core repo had pushed that version to me already.

On Fri, Jan 29, 2021 at 12:26 PM Łukasz Michalski via arch-general <arch-general@lists.archlinux.org> wrote:

[arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

2021-01-29 Thread Łukasz Michalski via arch-general
Hi,

Just checked my servers and all were vulnerable:

[zork@archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
malloc(): corrupted top size
Aborted (core dumped)

Updating to the latest version (sudo-1.9.5.p2-1) closed this vulnerability.

Maybe this should be posted as arch news message