
Episode 257 - The sudo and libgcrypt vulnerabilities
Nkechi blessing
31 min
Knowledge
Description
<p><a href="https://twitter.com/joshbressers" rel="nofollow">Josh</a> and <a href="https://twitter.com/kurtseifried" rel="nofollow">Kurt</a> talk about the recent sudo and libgcrypt security vulnerabilities. What's the deal with these buffer overflows and TOCTOU bugs?</p> <p><strong>Show Notes</strong></p> <ul> <li><a href="https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt" rel="nofollow">Sudo buffer overflow</a></li> <li><a href="https://www.sudo.ws/alerts/sudoedit_selinux.html" rel="nofollow">Sudo SELinux bug</a></li> <li><a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2145" rel="nofollow">libgcrypt buffer overflow</a></li> </ul>