3 days ago this was published:
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
The sudo team has provided an updated sudo package but this is not available on ClearOS yet. When will this one become available?
Easy check to see if your sudo is affected:
Bad:
dries@mail:~$ sudoedit -s /
sudoedit: /: not a regular file
Good:
[root@mail ~]# sudoedit -s /
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
Of course one can just install the update from the sudo team directly:
yum install https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo-1.9.5-3.el7.x86_64.rpm
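The Bad/Good check from the post above, wrapped as a script that can be run across several hosts. This is an added example, not part of the original post or of any ClearOS tooling; the function names and exit codes are assumptions, and the verdict is taken from the prefix of the first output line, as in the two sample outputs shown.

```shell
#!/bin/sh
# Added example: interpret the output of `sudoedit -s /` for CVE-2021-3156.
# Function names and exit codes are hypothetical, chosen for this example.

# classify_sudoedit_output TEXT
# TEXT is the captured stdout+stderr of `sudoedit -s /`.
# Prints one of: patched | vulnerable | unknown
classify_sudoedit_output() {
    # Take the first non-empty line, with leading whitespace removed.
    first_line=$(printf '%s\n' "$1" \
        | sed -e 's/^[[:space:]]*//' -e '/^$/d' \
        | head -n 1)
    case "$first_line" in
        usage:*)    echo patched ;;     # fixed sudo rejects the arguments
        sudoedit:*) echo vulnerable ;;  # e.g. "sudoedit: /: not a regular file"
        *)          echo unknown ;;     # missing binary, prompt, other error
    esac
}

# check_local_sudo
# Runs the check on this host and prints the verdict.
# Exit status: 0 patched, 1 vulnerable, 2 unknown.
check_local_sudo() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return 2
    fi
    # sudoedit exits non-zero in both cases, so only the text is inspected.
    out=$(sudoedit -s / 2>&1 </dev/null) || true
    verdict=$(classify_sudoedit_output "$out")
    echo "$verdict"
    case "$verdict" in
        patched)    return 0 ;;
        vulnerable) return 1 ;;
        *)          return 2 ;;
    esac
}

# Usage on a host: source this file, then run `check_local_sudo`.
```

An `unknown` verdict means the output matched neither sample and should be read by hand.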
Responses (3)
Accepted Answer
It will be fixed as soon as 7.9 is out. We were going to release it to the community this week but have been asked to delay it until the second week of Feb. Paid versions will be a week or two later.
In the meanwhile you can fix it with:
yum update sudo --enablerepo=centos-updates-unverified
I'll see if I can release that package in advance, but I am not so sure of that.
Accepted Answer
I've now injected the package into the contribs repo for automatic updating to both Community and Paid customers. It is sync'ing to the repos now (it is already in the US repos) and should be available just about everywhere in the next couple of hours. A simple:
yum update sudo
should then pull it down.