Update sudo in Debian Wheezy for CVE-2021-3156
I think the simplest option for you is to build the Debian 9 version of sudo:
apt-get install devscripts libpam0g-dev libldap2-dev libsasl2-dev libselinux1-dev autoconf autotools-dev bison flex libaudit-dev
dget -u http://security.debian.org/pool/updates/main/s/sudo/sudo_1.8.19p1-2.1+deb9u3.dsc
cd sudo-1.8.19p1
debian/rules binary
If the tests fail (they failed for me on /dev/console), disable them and build again:
sed -i '/build-simple check/d' debian/rules
debian/rules binary
You will end up with the packages in the parent directory; you can install those you need from there with dpkg -i.
Once all this is done, you can remove the build-dependencies:
apt-get purge devscripts libpam0g-dev libldap2-dev libsasl2-dev libselinux1-dev autoconf autotools-dev bison flex libaudit-dev
apt-get --purge autoremove
The same can be done using the latest sources from Debian unstable, as suggested by Artem:
apt-get install devscripts libpam0g-dev libldap2-dev libsasl2-dev libselinux1-dev autoconf bison flex libaudit-dev zlib1g-dev
dget -u https://deb.debian.org/debian/pool/main/s/sudo/sudo_1.9.5p2-1.dsc
cd sudo-1.9.5p2/
debian/rules binary
(Traditionally, one would use apt-get build-dep and dpkg-buildpackage -uc -us, but that won't work here without making more changes to the package; it has some build-dependencies which can't be satisfied in Wheezy, but the package builds fine without them.)
I would suggest simply building and installing the package from Debian Unstable:
Source files: https://packages.debian.org/source/unstable/sudo
Building a package: https://www.debian.org/doc/manuals/maint-guide/build.en.html
The reason I'm offering the latest and greatest is that a new package contains new handy features, e.g. the support for /etc/sudo.d/, and probably has other vulnerabilities fixed that you're not yet aware of.
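After installing either build, it is worth confirming what is actually on the system. The script below is an added example, not code from either answer: it checks an upstream sudo version against the ranges affected by CVE-2021-3156 and, for a backport like the Debian 9 build, falls back to the package revision. The function names are hypothetical, the affected ranges are taken from the upstream sudo advisory (an assumption not stated on this page), and the fixed package revision is the one built in the first answer.

```sh
#!/bin/sh
# Added example (not from the answers): judge a sudo build against CVE-2021-3156.
# Assumption: affected upstream ranges, per the sudo advisory, are
# 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.

# Map "1.8.19p1" to one comparable integer (major, minor, patch, p-level).
ver_key() {
    set -- $(printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(p\([0-9][0-9]*\)\)\{0,1\}$/\1 \2 \3 \5/p')
    [ $# -ge 3 ] || return 2    # betas, garbage, empty input
    echo $(( $1 * 1000000 + $2 * 10000 + $3 * 100 + ${4:-0} ))
}

# Exit 0 if the upstream version is in an affected range, 1 if not, 2 if unparsable.
upstream_affected() {
    _k=$(ver_key "$1") || return 2
    { [ "$_k" -ge 1080200 ] && [ "$_k" -le 1083102 ]; } ||
        { [ "$_k" -ge 1090000 ] && [ "$_k" -le 1090501 ]; }
}

# assess UPSTREAM PKG_VERSION FIXED_PKG_VERSION
# A backport keeps an affected upstream number and carries the fix in the
# package revision, so for those builds the package version decides.
assess() {
    _rc=0
    upstream_affected "$1" || _rc=$?
    case $_rc in
        1) echo "not-affected-upstream" ;;
        2) echo "unknown-version" ;;
        0) if dpkg --compare-versions "$2" ge "$3"; then
               echo "fixed-by-package-revision"
           else
               echo "vulnerable"
           fi ;;
    esac
}

# Report on the installed sudo; the fixed revision is the Debian 9 build's.
report_installed() {
    _up=$(sudo -V | sed -n '1s/^Sudo version //p')
    _pkg=$(dpkg-query -W -f='${Version}' sudo)
    echo "upstream=$_up package=$_pkg: $(assess "$_up" "$_pkg" "1.8.19p1-2.1+deb9u3")"
}

if [ "${1:-}" = "--installed" ]; then report_installed; fi
```

Run it with `--installed` on the rebuilt system; the 1.8.19p1 build still reports an affected upstream number from `sudo -V`, which is why the package revision is compared as well.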