i have centos 7 server and i want to install this packet . how i can install this packet on my server and which command i must use
Critical Sudo Vulnerability - CVE-2021-3156/Baron Samedit
thanks
CVE-2021-3156
Re: CVE-2021-3156
That update is from January 2021 so if you are missing that then you are missing others too. Run yum update to get everything up to date. If the kernel or glibc or openssl and probably some other packages are also updated then you should reboot to activate the fixes. After the update you should see results like this
Code: Select all
[root@centos7 ~]# rpm -q sudo
sudo-1.8.23-10.el7_9.1.x86_64
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-3156
some applications are running on the server while centos is being updated. does it have an impact on them, how do you plan an update in such cases? in other words, how do you contact the software teams or applications and plan every time the update package is released. for example, this update is required for the OS, but I don't know how it affects the applications on them. how do you follow the path in these situations.
i want to take advantage of your experience
thanks
i want to take advantage of your experience
thanks
Re: CVE-2021-3156
The whole point of RHEL and CentOS is that they really try very hard not to break things while also providing updates to keep you secure. Those updates do not do any good if they are not installed.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-3156
I'm nice. I kill the users and reboot the machines in order to get every last bit of updates in use.
If I were not nice, then I would let users crash on old bugs or get hacked.
If I were not nice, then I would let users crash on old bugs or get hacked.
Re: CVE-2021-3156
And the way that updates work is that yum replaces the files on disk but anything that already has them in use will continue to use the old version of the files until that process ends and is restarted.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke