CVE-2021-3156

merem29
Posts: 2
Joined: 2021/09/29 20:32:01

CVE-2021-3156

Post by merem29 » 2021/09/29 20:38:21

I have a CentOS 7 server and I want to install this packet. How can I install this packet on my server, and which command must I use?

Critical Sudo Vulnerability - CVE-2021-3156/Baron Samedit

Thanks

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-3156

Post by TrevorH » 2021/09/29 20:41:43

That update is from January 2021, so if you are missing that then you are missing others too. Run yum update to get everything up to date. If the kernel or glibc or openssl and probably some other packages are also updated then you should reboot to activate the fixes. After the update you should see results like this:

Code:

[root@centos7 ~]# rpm -q sudo
sudo-1.8.23-10.el7_9.1.x86_64

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

merem29
Posts: 2
Joined: 2021/09/29 20:32:01

Re: CVE-2021-3156

Post by merem29 » 2021/10/03 21:38:56

Some applications are running on the server while CentOS is being updated. Does it have an impact on them? How do you plan an update in such cases? In other words, how do you contact the software teams or applications and plan every time the update package is released? For example, this update is required for the OS, but I don't know how it affects the applications on them. How do you follow the path in these situations?
I want to take advantage of your experience.

Thanks

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-3156

Post by TrevorH » 2021/10/04 09:14:14

The whole point of RHEL and CentOS is that they really try very hard not to break things while also providing updates to keep you secure. Those updates do not do any good if they are not installed.

jlehtone
Posts: 4531
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2021-3156

Post by jlehtone » 2021/10/04 09:37:23

I'm nice. I kill the users and reboot the machines in order to get every last bit of updates in use.
If I were not nice, then I would let users crash on old bugs or get hacked.

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-3156

Post by TrevorH » 2021/10/04 10:26:30

And the way that updates work is that yum replaces the files on disk but anything that already has them in use will continue to use the old version of the files until that process ends and is restarted.
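
Added example, not part of the thread and not code from any poster: the last reply says running processes keep using the old files until they are restarted. The script below finds those processes by parsing /proc/<pid>/maps for executable mappings the kernel marks "(deleted)"; the sample maps text is constructed, and limiting the check to paths under /usr/ is an assumption.

```bash
#!/bin/bash
# Added example: list files a process still maps after an update replaced them.

# Reads /proc/<pid>/maps text on stdin. Prints, once per path, each
# executable file-backed mapping that the kernel marks "(deleted)".
# Assumption: only paths under /usr/ are treated as package-owned files.
stale_mappings() {
    awk '$NF == "(deleted)" && $2 ~ /x/ && $6 ~ /^\/usr\// {
        path = $6
        for (i = 7; i < NF; i++) path = path " " $i   # path containing spaces
        if (!seen[path]++) print path
    }'
}

# Constructed sample: a daemon started before glibc and openssl were updated.
sample_maps() {
    cat <<'EOF'
00400000-004b8000 r-xp 00000000 fd:00 262301 /usr/sbin/httpd
7f1c2a000000-7f1c2a1c4000 r-xp 00000000 fd:00 131187 /usr/lib64/libc-2.17.so (deleted)
7f1c2a1c4000-7f1c2a3c3000 ---p 001c4000 fd:00 131187 /usr/lib64/libc-2.17.so (deleted)
7f1c2a3c3000-7f1c2a3c7000 r--p 001c3000 fd:00 131187 /usr/lib64/libc-2.17.so (deleted)
7f1c2b000000-7f1c2b06a000 r-xp 00000000 fd:00 131455 /usr/lib64/libssl.so.1.0.2k (deleted)
7f1c2c000000-7f1c2c001000 rw-s 00000000 00:04 98304 /SYSV00000000 (deleted)
7f1c2d000000-7f1c2d021000 rw-p 00000000 00:00 0 [heap]
EOF
}

# Walk live processes (run as root to see every PID) and report stale files.
scan_proc() {
    local maps pid hits
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        hits=$(stale_mappings 2>/dev/null < "$maps") || continue
        [ -n "$hits" ] || continue
        printf 'PID %s (%s) still maps:\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        printf '%s\n' "$hits" | sed 's/^/    /'
    done
}

# "scan" inspects the live system; anything else runs the constructed sample.
if [ "${1:-}" = "scan" ]; then scan_proc; else sample_maps | stale_mappings; fi
```

Any process listed by the scan is still running pre-update code and needs a restart, or a reboot as described earlier in the thread, before the fix applies to it.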
