Hi You can use oracle linux 6 , it is still supported (till March 2021) On Wed, 27 Jan 2021 at 09:38, Gionatan Danti <g.danti at assyoma.it> wrote:> Hi all, > do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6? > > While CentOS 6 is now supported anymore, RedHat has it under its > payedsupport agreement (see: > https://access.redhat.com/security/vulnerabilities/RHSB-2021-002). > > So I wonder if some community-packaged patch exists... > Thanks. > > -- > Danti Gionatan > Supporto Tecnico > Assyoma S.r.l. - www.assyoma.it > email: g.danti at assyoma.it - info at assyoma.it > GPG public key ID: FF5F32A8 > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
> Hi > > You can use oracle linux 6 , it is still supported (till March 2021)But I don't find this sudo update or the recent openssl update in their repos? Is this for paying customers only or what? Simon> > On Wed, 27 Jan 2021 at 09:38, Gionatan Danti <g.danti at assyoma.it> wrote: > >> Hi all, >> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6? >> >> While CentOS 6 is now supported anymore, RedHat has it under its >> payedsupport agreement (see: >> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002). >> >> So I wonder if some community-packaged patch exists... >> Thanks. >> >> -- >> Danti Gionatan >> Supporto Tecnico >> Assyoma S.r.l. - www.assyoma.it >> email: g.danti at assyoma.it - info at assyoma.it >> GPG public key ID: FF5F32A8 >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Maxim Shpakov:> > You can use oracle linux 6 , it is still supported (till March 2021)Looks like Oracle's el6 sudo update is now available: https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm * Tue Jan 26 2021 Qing Lin <qing.lin at oracle.com> - 1.8.6p3-29.0.2.el6_10.3 - backport the fix CVE-2021-3156.patch from ol7. James Pearson