Todd C. Miller reports:
Sudo's pwfeedback option can be used to provide visual feedback
when the user is inputting their password. For each key press,
an asterisk is printed. This option was added in response to
user confusion over how the standard Password: prompt disables
the echoing of key presses. While pwfeedback is not enabled by
default in the upstream version of sudo, some systems, such as
Linux Mint and Elementary OS, do enable it in their default
sudoers files.
Due to a bug, when the pwfeedback option is enabled in the
sudoers file, a user may be able to trigger a stack-based buffer
overflow. This bug can be triggered even by users not listed in
the sudoers file. There is no impact unless pwfeedback has been
enabled.