Skip to content

How to patch Sudo

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) made itself known over the past few days and admins everywhere are rushing to patch it. Ill skip the analysis, watch the video below for that, and get right to patching.

To verify your version:

sudo --version

1.8.31 is vulnerable.

Go to and download the latest relase tar.gz. As of right now, the latest is sudo 1.9.5p2

Once downloaded, de-compress with

tar -xzvf <filename>

cd into the created directory “sudo-1.9.5p2” in this case




make && sudo make install

Once this has completed you mush reload your shell in order to see the new version has been installed. you can type


and then

sudo --version

Big thanks to John Hammond for this video on the process.

Published inDevopsSecurity

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *