Am 28.01.21 um 00:02 schrieb Konstantin Olchanski:
> sudo is broken, CVE-2021-3156. Fixed packages are out for el7, el8, ubuntu.
>
> There is a fixed package for RHEL6, sudo-1.8.6p3-29.el6_10.4.x86_64.rpm, see
> https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_errata_RHSA-2D2021-3A0227&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=DdnVo6dknCRTqounMfG7Q82qFx2i7ANhA2ba5RkXC4g&s=R-6UJIwBbW5KnUMkSLmGuGA03CoQQ0nkVLXkC2ogupA&e=
>
>
> Now, any chance of fixed package for SL6? (just checked, no fix in CERN SLC6,
> no fix in EPEL).
Dear Konstantin,
indeed there is a fixed package, it is part of TUV' Extended Life-Cycle
Support Add-On, they provide selected security updates for critical and
important security fixes to paying customers. These packages are not
generally available to the public and not rebuilt by SL. However, you
might get it from Oracle in the future, watch this page:
https://yum.oracle.com/whatsnew.html
Regards,
Götz
--
Götz Waschk° Phone: +49 33762 77169
Deutsches Elektronen-Synchrotron DESY ° Fax:+49 33762 77216
Platanenallee 6° E-Mail: goetz.was...@desy.de
15738 Zeuthen Germany
smime.p7s
Description: S/MIME Cryptographic Signature