New critical sudo vulnerability - CVE-2021-3156

Support for security such as Firewalls and securing linux
treimers
Posts: 2
Joined: 2021/01/29 18:55:24

Re: New critical sudo vulnerability - CVE-2021-3156

Post by treimers » 2021/01/30 22:44:43

Thanks!

Appreciate that....

fuzzy4096
Posts: 9
Joined: 2020/12/14 16:29:11

Re: New critical sudo vulnerability - CVE-2021-3156

Post by fuzzy4096 » 2021/02/02 08:48:37

Blair wrote:
2021/01/28 07:59:46
Hello again.
I just checked sudo official website. https://www.sudo.ws/sudo/
They have released source code for 1.9.5p2 and an updated rpm package for stable branch, even for CentOS 6 :)
I don't know if they are going to make a legacy release.
Greetings
Sorry for hijacking the conversation, what does that mean? Can I simply download the .rpm from their site and run a yum localinstall on it? Will this not break things? Quoting from the CentOS wiki:
"DO NOT attempt to install software packages which are part of CentOS as a source package, because you think you absolutely need the newest version. THIS WILL OFTEN BREAK THINGS"
or
"A common objection runs like this: But package foo in version x.y.1 has security holes which are gone in version x.z.1!
That may be the case. But normally version x.z.1 also has new features over x.y.1 and those may break the expected behaviour of the software"
Any input on this, folks?


PS. I have even seen recommendations to install the patched rpm for CentOS 6 from https://yum.oracle.com/repo/OracleLinux ... x86_64.rpm
Thank you!

sml
Posts: 221
Joined: 2020/01/17 09:01:44

Re: New critical sudo vulnerability - CVE-2021-3156

Post by sml » 2021/02/02 11:06:39

Yes, the package from Oracle Linux is the best available option right now. Actually, you have to migrate to CentOS 7 or CentOS 8 ASAP.

Blair
Posts: 6
Joined: 2021/01/27 12:01:26

Re: New critical sudo vulnerability - CVE-2021-3156

Post by Blair » 2021/02/03 17:02:52

Thanks sml and fuzzy.
Best regards.
