sudo fix for SL6

2021-01-27 Thread Konstantin Olchanski
sudo is broken, CVE-2021-3156. Fixed packages are out for el7, el8, ubuntu.

There is a fixed package for RHEL6, sudo-1.8.6p3-29.el6_10.4.x86_64.rpm, see
https://access.redhat.com/errata/RHSA-2021:0227

Now, any chance of fixed package for SL6? (just checked, no fix in CERN SLC6, 
no fix in EPEL).


-- 
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada


Re: sudo fix for SL6

2021-01-27 Thread Adam Mercer

On 1/27/21 4:02 PM, Konstantin Olchanski wrote:


> Now, any chance of fixed package for SL6? (just checked, no fix in CERN SLC6,
> no fix in EPEL).


I was under the impression that SL6 went EOL in November 2020, so I 
imagine there won't be an update.


Cheers

Adam




Re: sudo fix for SL6

2021-01-27 Thread Götz Waschk
On 28.01.21 at 00:02, Konstantin Olchanski wrote:
> sudo is broken, CVE-2021-3156. Fixed packages are out for el7, el8, ubuntu.
> 
> There is a fixed package for RHEL6, sudo-1.8.6p3-29.el6_10.4.x86_64.rpm, see
> https://access.redhat.com/errata/RHSA-2021:0227
> 
> Now, any chance of fixed package for SL6? (just checked, no fix in CERN SLC6, 
> no fix in EPEL).
Dear Konstantin,

Indeed there is a fixed package, it is part of TUV's Extended Life-Cycle
Support Add-On, they provide selected security updates for critical and
important security fixes to paying customers. These packages are not
generally available to the public and not rebuilt by SL. However, you
might get it from Oracle in the future, watch this page:
https://yum.oracle.com/whatsnew.html

Regards,
Götz


-- 
Götz Waschk                            ° Phone:  +49 33762 77169
Deutsches Elektronen-Synchrotron DESY  ° Fax:    +49 33762 77216
Platanenallee 6                        ° E-Mail: goetz.was...@desy.de
15738 Zeuthen Germany


