Update sudo in Debian Wheezy for CVE-2021-3156

I think the simplest option for you is to build the Debian 9 version of sudo:

apt-get install devscripts libpam0g-dev libldap2-dev libsasl2-dev libselinux1-dev autoconf autotools-dev bison flex libaudit-dev
dget -u http://security.debian.org/pool/updates/main/s/sudo/sudo_1.8.19p1-2.1+deb9u3.ds
cd sudo-1.8.19p1
debian/rules binary

If the tests fail (they failed for me on /dev/console), disable them and build again:

sed -i '/build-simple check/d' debian/rules
debian/rules binary

You will end up with the packages in the parent directory, you can install those you need from there with dpkg -i.

Once all this is done, you can remove the build-dependencies:

apt-get purge devscripts libpam0g-dev libldap2-dev libsasl2-dev libselinux1-dev autoconf autotools-dev bison flex libaudit-dev
apt-get --purge autoremove

The same can be done using the latest sources from Debian unstable, as suggested by Artem:

apt-get install devscripts libpam0g-dev libldap2-dev libsasl2-dev libselinux1-dev autoconf bison flex libaudit-dev zlib1g-dev
dget -u https://deb.debian.org/debian/pool/main/s/sudo/sudo_1.9.5p2-1.dsc
cd sudo-1.9.5p2/
debian/rules binary

(Traditionally, one would use apt-get build-dep and dpkg-buildpackage -uc -us, but that won’t work here without making more changes to the package — it has some build-dependencies which can’t be satisfied in Wheezy, but the package builds fine without them.)


I would suggest simply building and installing the package from Debian Unstable:

Source files: https://packages.debian.org/source/unstable/sudo

Building a package: https://www.debian.org/doc/manuals/maint-guide/build.en.html

The reason I'm offering the latest and greatest is because: a new package contains new handy features, e.g. the support for /etc/sudo.d/ and probably other fixed vulnerabilities you're not yet aware of.

Tags:

Sudo