Security issue in sudo

A security issue has been identified and fixed in the sudo utility. Updates are available for XCP-ng 8.1 and 8.2.

To update, follow this guide. You can also join the discussion on our community forum. Hosts reboot not necessary after this update, unless you had missed the previous Xen security update.

Summary

Though not used by default, the sudo utility is installed on XCP-ng hosts. An important security flaw was discovered that made it necessary to update it to a patched version.

Even if you haven't configured extra non-root users on your XCP-ng hosts, updating is important as part of a global security process: let's not leave an easy way for any malevolent process to get root powers.

References

• https://www.sudo.ws/alerts/unescape_overflow.html
• https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156