I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM.
The package installed fine, the sudo functionality still works, but according to
the test described in the Qualys advisory of running "sudoedit -s /" (without
quotes) this system is still vulnerable.

My CentOS Linux 7 (x86_64), CentOS Linux 8 (x86_64), and CentOS Stream 8
(x86_64) VMs running the actual CentOS package do not appear vulnerable running
this test.

Migrating the previously mentioned CentOS Linux 6 VM to Oracle Linux and
running the same test shows the fully updated Oracle Linux 6 to be vulnerable
as well.

Has anyone else tried this? Do your results match or differ from mine?

Thanks,
Barry

On January 28, 2021 9:15:47 AM UTC, James Pearson <jame...@moving-picture.com> 
wrote:
>Maxim Shpakov:
>>
>> You can use oracle linux 6 , it is still supported (till March 2021)
>
>Looks like Oracle's el6 sudo update is now available:
>
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
>http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm
>
>* Tue Jan 26 2021 Qing Lin <qing....@oracle.com> -
>1.8.6p3-29.0.2.el6_10.3
>- backport the fix CVE-2021-3156.patch from ol7.
>
>James Pearson
>_______________________________________________
>CentOS mailing list
>CentOS@centos.org
>https://lists.centos.org/mailman/listinfo/centos