Upgrade sudo to 1.9.5p2 version due to CVE-2021-3156 vulnerability

This vulnerability was mitigated by the Ubuntu Security Team on 19 January 2021.

See https://ubuntu.com/security/CVE-2021-3156.

sudo 1.8.31 was patched, which is the normal way of handling most CVEs. The Ubuntu 20.04 package was bumped from 1.8.31-1ubuntu1.1 to 1.8.31-1ubuntu1.2 due to the patches. The 20.04 package won't be upgraded to 1.9.x.

Most users already have the patched version installed: Security updates are automatically detected and installed by your Ubuntu system's Unattended Upgrades application without any user action needed.

How to determine if you are using the patched package: Since this was a patch instead of a new upstream release, sudo --version will merely (and correctly) return 1.8.31, which won't help you. Instead, use apt. Here's an example using apt list. Note the NEW package version (1.8.31-1ubuntu1.2) is installed.

$ apt list sudo
Listing... Done
sudo/focal-updates,focal-security,now 1.8.31-1ubuntu1.2 amd64 [installed] 

To check whether sudo is vulnerable to CVE-2021-3156 the maintainers recommend doing:

 sudoedit -s '\' `perl -e 'print "A" x 65536'`

If sudo is patched it will respond with an error that starts with “usage:”.