New critical sudo vulnerability - CVE-2021-3156

[treimers]

Thanks!

Appreciate that....

[fuzzy4096]

Hello again.
I just checked sudo official website. https://www.sudo.ws/sudo/
They have released source code for 1.9.5p2 and a updated rpm package for stable branch, even for Centos 6
I don't know if they are going to made a legacy release.
Greetings

Sorry for hijacking the conversation, what does that mean ? Can I simply download the .rpm from their site and run a yum localinstall on it ? Will this not break things ? Quoting from the CentOS wiki

" DO NOT attempt to install software packages which are part of CentOS as a source package, because you think you absolutely need the newest version. THIS WILL OFTEN BREAK THINGS"

or

"A common objection runs like this: But package foo in version x.y.1 has security holes which are gone in version x.z.1!
That may be the case. But normally version x.z.1 also has new features over x.y.1 and those may break the expected behaviour of the software
"

Any input on this folks ?


PS. I have even see recommendations to install the patched rpm for CentOS 6 from https://yum.oracle.com/repo/OracleLinux ... x86_64.rpm
Thank you!

[sml]

Yes, the package from Oracle Linux is the best available option right now. Actually, you have to migrate to CentOS 7 or CentOS 8 ASAP.

[Blair]

Thanks sml and fuzzy.
Best regards.