Yesterday, Qualys announced the discovery of a vulnerability in sudo:
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Updated sudo packages are now available and we recommend that users install them as soon as possible. Please note that some Linux distributions may backport patches without incrementing the version number, so "sudo --version" may return the same version number even after you install the updated package.
Security Onion 16.04
If you're still running Security Onion 16.04, an updated sudo package is now available for Ubuntu 16.04 and you can install it with the standard update command:
sudo soup
As a reminder, please keep in mind that Security Onion 16.04 reaches End of Life in less than 3 months:
https://blog.securityonion.net/2021/01/3-month-eol-notice-for-security-onion.html
Security Onion 2
Updated sudo packages are now available for both Ubuntu 18.04 and CentOS 7. If you accepted the default option of automatic OS patching, then your installation has likely already been updated. If you did not accept the automatic OS patch schedule, then you can manually install the update using the standard distribution update mechanism as follows.
If you installed using our Security Onion 2 ISO image or manually installed on CentOS 7:
sudo yum -y update
If you manually installed on Ubuntu 18.04:
sudo apt update && sudo apt dist-upgrade
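Because a backported fix can leave "sudo --version" unchanged, one way to confirm the update after installing it is to look for the CVE identifier in the installed package's changelog. The script below is an added example, not part of the original announcement; it assumes the distribution's sudo changelog names CVE-2021-3156 and that Ubuntu ships the changelog at /usr/share/doc/sudo/changelog.Debian.gz.

```shell
#!/bin/sh
# Added example: look for the CVE fix in the installed sudo package changelog,
# because a backported patch can leave "sudo --version" unchanged.
CVE="CVE-2021-3156"

# Reads changelog text on stdin; returns 0 if it references the CVE.
changelog_mentions_cve() {
    grep -qi -e "$CVE"
}

# Prints the changelog of the installed sudo package.
# Assumption: Ubuntu ships it at the path below; CentOS exposes it through rpm.
sudo_changelog() {
    deb_log=/usr/share/doc/sudo/changelog.Debian.gz
    if command -v rpm >/dev/null 2>&1 && rpm -q sudo >/dev/null 2>&1; then
        rpm -q --changelog sudo
    elif [ -r "$deb_log" ]; then
        gzip -dc "$deb_log"
    else
        return 2
    fi
}

# Returns 0 = fix referenced, 1 = not referenced, 2 = changelog unavailable.
check_sudo_patched() {
    log=$(sudo_changelog) || {
        echo "unknown: could not read the sudo package changelog" >&2
        return 2
    }
    if printf '%s\n' "$log" | changelog_mentions_cve; then
        echo "ok: installed sudo package changelog references $CVE"
    else
        echo "check: no $CVE entry in the sudo changelog; install updates" >&2
        return 1
    fi
}

# Run the check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_sudo_patched
fi
```

Save it to a file and run it with --check after updating; an exit status of 1 means the changelog has no entry for the CVE and the update commands above should be run again.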